lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <511EEE14.8050902@redhat.com>
Date:	Fri, 15 Feb 2013 21:25:24 -0500
From:	Vlad Yasevich <vyasevic@...hat.com>
To:	Eric Dumazet <eric.dumazet@...il.com>
CC:	Ben Greear <greearb@...delatech.com>,
	Erik Hugne <erik.hugne@...csson.com>, netdev@...r.kernel.org,
	kaber@...sh.net, ataschner@...e.com
Subject: Re: [MacVLAN] failure to deliver reassembled IPv6 multicast traffic

On 02/15/2013 02:35 PM, Eric Dumazet wrote:
> On Fri, 2013-02-15 at 11:27 -0800, Ben Greear wrote:
>
>> For some reason I was thinking this wasn't fully fixed for IPv4, but
>> maybe it is..the bug in our internal tracker only mentions IPv6
>> as having issues...
>>
>> We'll do some testing on IPv4 sometime soon to make sure, and can test
>> IPv6 patches as well...
>
> This worries me a bit, as I wrote this patch because you reported the
> issue.
>
> commit bc416d9768aa9a2e46eb11354a9c58399dafeb01
> Author: Eric Dumazet <eric.dumazet@...il.com>
> Date:   Thu Oct 6 10:28:31 2011 +0000
>
>      macvlan: handle fragmented multicast frames
>
>      Fragmented multicast frames are delivered to a single macvlan port,
>      because ip defrag logic considers other samples are redundant.
>
>      Implement a defrag step before trying to send the multicast frame.
>
>      Reported-by: Ben Greear <greearb@...delatech.com>
>      Signed-off-by: Eric Dumazet <eric.dumazet@...il.com>
>      Signed-off-by: David S. Miller <davem@...emloft.net>
>
>

Yep, IPv4 is there.  IPv6 is not and is a lot harder/more interesting 
since IPv6 may be disable, but reassembly may still need to work to
service the taps connected to VMs.  :(

The only reason I say this is because I've ran into too many people who
turn IPv6 off for "security reasons".

-vlad

>
> --
> To unsubscribe from this list: send the line "unsubscribe netdev" in
> the body of a message to majordomo@...r.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
>

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ