| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <50D7062D.8040901@gmail.com>
Date: Sun, 23 Dec 2012 14:25:01 +0100
From: Stephan Gatzka <stephan.gatzka@...il.com>
To: YOSHIFUJI Hideaki <yoshfuji@...ux-ipv6.org>
CC: netdev@...r.kernel.org, linux1394-devel@...ts.sourceforge.net
Subject: Re: IPv6 over Firewire
>
> Please, please try best not to mangle packets
> and keep/make IPsec, SEND right.
>
O.k., a small excerpt from RFC 3146:
The Source/Target Link-layer Address option has the following form when
the link layer is IEEE1394.
1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length = 3 | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ ---+
| node_unique_ID (EUI-64 identifier) |
+--- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| | max_rec | spd |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| unicast_FIFO |
+--- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| | reserved |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| reserved |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
This is what I _have_ to send to comply with RFC 3146. In the skb I get
in the firewire net driver I have: Type, Length and node_unique_ID (the
hardware address), all tail padded to a 8 byte boundary:
1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length = 3 | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ ---+
| node_unique_ID (EUI-64 identifier) |
+--- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| | 0x00 | 0x00 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| 0x00000000 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
So may aim is to rewrite the LL address option both while transmitting
and receiving IPv6 data on firewire. While transmitting, I append the
required information, while receiving I cut away the the firewire
specific stuff. So the upper layers will not see the firewire related
information. Yes, that mangling also involves recalculation of the
ICMPv6 checksum.
Again, if I shall not mangle the ndisc packets in the driver I have to
build RFC 3146 conformant packets in ndisc_build_skb(). But I see no
(general) way to get the firewire specific information into the linux
ndisc stuff. Of course I can add some if/else into
ndisc_fill_addr_option() and ndisc_recv_na(). But then I have to pull a
lot of firewire related stuff into the ndisc code.
I think this makes no sense, especially because I need that firewire
specific information in the firewire net driver to send correct firewire
packets. Besides that, the IPv4 portion of the firewire net drivers does
exactly the same with ARP packets what I want to do with IPv6 LL address
options.
Regards,
Stephan
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists