| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 21 Jun 2012 22:41:49 +0200 From: Andras Takacs <wakoond@...oond.hu> To: netdev@...r.kernel.org Subject: 3.4.2 net/ipv6/mip6.c destopt regression Dear All, I'm working with Mobile IPv6 systems, and I'm setting up a new MIP6 environment. I would like to use the latest stable kernel, so I'm using 3.4.2. Unfortunately I have some serious problems with destination option XFRM processing. I have done the following tests to find the issue: First case: No XFRM policies and states. Sending MH messages without destopt header. In this case the message format is OK, I have tested it with tcpdump and wireshark. 21:33:58.817130 IP6 2001:470:7210:10::11 > 2001:470:7210:10::1000: mobility: BU seq#=1 lifetime=8 0x0000: 6000 0000 0020 8740 2001 0470 7210 0010 `......@...pr... 0x0010: 0000 0000 0000 0011 2001 0470 7210 0010 ...........pr... 0x0020: 0000 0000 0000 1000 3b03 0500 1c46 0001 ........;....F.. 0x0030: 0000 0002 0100 0310 2001 0470 7210 0011 ...........pr... 0x0040: 020c 29ff fe46 a0e3 ..)..F.. Second case: Adding destopt XFRM policy and state: ip -6 xfrm policy add src 2001:470:7210:10::11 dst 2001:470:7210:10::1000 proto 135 type 5 dir out priority 2 ptype sub tmpl src 2001:470:7210:10::11 dst 2001:470:7210:10::1000 proto hao reqid 0 mode ro level use ip -6 xfrm state add src 2001:470:7210:10::11 dst 2001:470:7210:10::1000 proto hao reqid 0 mode ro replay-window 0 coa 2001:470:7210:11:20c:29ff:fe46:a0e3 sel src 2001:470:7210:10::11 dst 2001:470:7210:10::1000 In this case, the message format is corrupted: 21:30:42.350315 IP6 2001:470:7210:11:20c:29ff:fe46:a0e3 > 2001:470:7210:10::1000: DSTOPT mobility: type-#41 len=12 0x0000: 6000 0000 0020 3c40 2001 0470 7210 0011 `.....<@...pr... 0x0010: 020c 29ff fe46 a0e3 2001 0470 7210 0010 ..)..F.....pr... 0x0020: 0000 0000 0000 1000 8702 0102 0000 c910 ................ 0x0030: 2001 0470 7210 0010 0000 0000 0000 0011 ...pr........... 0x0040: 020c 29ff fe46 a0e3 As you can see, the IPv6 header is OK. Next, the destination option header is OK. Finally, the following part of the packet isn't OK. If you compare the two dump carefully, you will see, that the last 8 bytes are identical. The mip6_destopt_output function adds the destination option header correctly, but overwrites the existing MH header, and doesn't shift it after the destopt header. I'm not familiar with the XFRM framework enough to fix the problem. :( Maybe, could anyone help to me to fix this issue? The last environment, which worked fine was built on 2.6.35 version. The problem happened between 2.6.35 and 3.4.2. Sorry, I know, it is a quite big interval. :( Thanks! Best regards, András Takács-- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists