lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:	Tue, 20 Dec 2011 19:10:24 +0800
From:	Gao feng <gaofeng@...fujitsu.com>
To:	netdev@...r.kernel.org
Cc:	davem@...emloft.net, Wang xingtong <wangxingtong@...fujitsu.com>
Subject: [PATCH V2] IPv6 : add multicast routing verify which net_device is lo

In currently routing subsystem, when we lookup a multicast routing
to send muticast packets to outside, rt6_device_match will return
the rt6_info which it's match first. If we add a multicast route on
loopback devices beforce the others interface, rt6_device_match will
retrun the rt6_info which rt6i_dev->name is "lo". But, obviously,
we can't send a muticast packet to outside using loopback devices.
It case all multicast packets blocking.

Commit 4af04aba93f47699e disabled kernel add multicast route on lo
automatically. However,  we can't surmise the routing-add order or
interdict add multicast routing on loopback devices in user space.
The bug still exist. So, i think, more stronger routing subsystem is
necessary.

Signed-off-by: Wang xingtong <wangxingtong@...fujitsu.com>
---
 net/ipv6/route.c |   19 ++++++++++++++++---
 1 files changed, 16 insertions(+), 3 deletions(-)

diff --git a/net/ipv6/route.c b/net/ipv6/route.c
index b582a0a..d6663ca 100644
--- a/net/ipv6/route.c
+++ b/net/ipv6/route.c
@@ -334,9 +334,16 @@ static inline struct rt6_info *rt6_device_match(struct net *net,
 	struct rt6_info *local = NULL;
 	struct rt6_info *sprt;
 
-	if (!oif && ipv6_addr_any(saddr))
+	if (!oif && ipv6_addr_any(saddr)){
+		if (unlikely(rt->rt6i_dev->flags & IFF_LOOPBACK &&
+			ipv6_addr_is_multicast(&rt->rt6i_dst.addr))){
+			rt=rt->dst.rt6_next;
+			goto match;
+		}
 		goto out;
+	}
 
+match:
 	for (sprt = rt; sprt; sprt = sprt->dst.rt6_next) {
 		struct net_device *dev = sprt->rt6i_dev;
 
@@ -355,9 +362,15 @@ static inline struct rt6_info *rt6_device_match(struct net *net,
 				local = sprt;
 			}
 		} else {
-			if (ipv6_chk_addr(net, saddr, dev,
-					  flags & RT6_LOOKUP_F_IFACE))
+			if (ipv6_addr_any(saddr)){
+				if (unlikely(rt->rt6i_dev->flags & IFF_LOOPBACK &&
+					ipv6_addr_is_multicast(&rt->rt6i_dst.addr)))
+					continue;
 				return sprt;
+			}
+			else if (ipv6_chk_addr(net, saddr, dev,
+					  flags & RT6_LOOKUP_F_IFACE))
+					return sprt;
 		}
 	}
 
-- 
1.7.1

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists