lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20130412175141.GA30292@order.stressinduktion.org>
Date:	Fri, 12 Apr 2013 19:51:41 +0200
From:	Hannes Frederic Sowa <hannes@...essinduktion.org>
To:	"Meng, Jilin" <Jilin.Meng@....com>
Cc:	"davem@...emloft.net" <davem@...emloft.net>,
	"kuznet@....inr.ac.ru" <kuznet@....inr.ac.ru>,
	"jmorris@...ei.org" <jmorris@...ei.org>,
	"yoshfuji@...ux-ipv6.org" <yoshfuji@...ux-ipv6.org>,
	"kaber@...sh.net" <kaber@...sh.net>,
	"Sun, Yinglin" <yinglin.sun@....com>,
	"Prithviraj, Lakshmanan" <lakshmanan.prithviraj@....com>,
	"netdev@...r.kernel.org" <netdev@...r.kernel.org>,
	Eric Dumazet <eric.dumazet@...il.com>
Subject: Re: [PATCH] net: Fix tentative IPv6 address due to DAD looping back

On Fri, Apr 12, 2013 at 07:45:54AM +0000, Meng, Jilin wrote:
> This version accepted David's comments of coding style, Eric's comments of ether_addr_equal_64bits(), and Hannes' comments of eth_hdr(), etc.
> 
> we should ignore the looped-back IPv6 DAD packet to avoid configuration failure.
> This occurs when a bonding interface with roundrobin mode is being configured an IPv6 address while the switch side isn't configured bonding/channel yet.

RFC4862 5.4.5 definitely states that if DAD detects duplicate mac
addresses IPv6 SHOULD be disabled on that interface. Your patch
deliberately omits this all the time.

What do you think if we hook up a function which does reenable ipv6 on
an interface as soon as 'disable_ipv6' is switched to '0'? So you could
control reacquiring the ipv6 address from userspace without ifup&ifdown
and the risk of disturbing ipv4 connections? This seems to be the
easiest solution (but have not checked thoroughly).

Otherwise we should think about a loop detection in the bonding driver,
which I think, is very hard to get right. Think about more advanced
setups with bonded ports into a bridge and the suppression of spanning
tree bpdus (nobody knows where the looping does actually occur).

Thanks,

  Hannes

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ