Message-ID: <20131029193624.GB20147@order.stressinduktion.org>
Date:	Tue, 29 Oct 2013 20:36:24 +0100
From:	Hannes Frederic Sowa <hannes@...essinduktion.org>
To:	luzemario@...il.com
Cc:	netdev@...r.kernel.org
Subject: Re: [Bug 64011] New: Link-local addresses are used to go outside instead of assigned IPv6 routable address

Hi!

On Tue, Oct 29, 2013 at 01:36:37PM +0000, bugzilla-daemon@...zilla.kernel.org wrote:
> https://bugzilla.kernel.org/show_bug.cgi?id=64011
> 
>             Bug ID: 64011
>            Summary: Link-local addresses are used to go outside instead of
>                     assigned IPv6 routable address
>            Product: Networking
>            Version: 2.5
>     Kernel Version: 3.11.6-200 and earlier
>           Hardware: All
>                 OS: Linux
>               Tree: Mainline
>             Status: NEW
>           Severity: high
>           Priority: P1
>          Component: IPV6
>           Assignee: yoshfuji@...ux-ipv6.org
>           Reporter: luzemario@...il.com
>         Regression: No
> 
> Created attachment 112651
>   --> https://bugzilla.kernel.org/attachment.cgi?id=112651&action=edit
> pfSense screenshot of blocked link-local requests to outside
> 
> Sometimes kernel tries to establish an IPv6 connection to external global
> routable addresses using [FE80::] link-local addresses, instead of using the
> learned DHCPv6 global-unicast address.
> 
> In the attached screenshot, the machine got an IPv6 address in the
> [2001:1291:200::] range, and was correctly configured.
> 
> Since link-local should not traverse network segments, I am getting lots of
> events in my firewall from several kernel versions of different distros (see
> attachment).
> 
> At the time when the kernel attempts to use the link-local address, there is a
> small delay (around 1s) to open IPv6 pages. It appears kernel tries to reach a
> remote machine using link-local address. When it fails, the kernel uses the
> assigned global routable address.
> 
> This issue was seen on several major distros, as Fedora, Ubuntu, Mageia, etc.
> yet on the distro's later updates.

Could you provide ip -6 a l, ip -6 r l, ip -6 n l and a copy of /proc/net/ipv6_route
(please check that the lines are not broken up)? The configuration of the
router advertisement daemon on your gateway would be interesting, too.

Thanks,

  Hannes
