Date:	Tue, 7 Jan 2014 14:01:01 +0100
From:	Hannes Frederic Sowa <hannes@...essinduktion.org>
To:	François-Xavier Le Bail <fx.lebail@...oo.com>
Cc:	David Miller <davem@...emloft.net>, netdev@...r.kernel.org,
	kuznet@....inr.ac.ru, jmorris@...ei.org, yoshfuji@...ux-ipv6.org,
	kaber@...sh.net
Subject: Re: [PATCH net-next v4] IPv6: use anycast addresses as source addresses in echo reply

On Tue, Jan 07, 2014 at 04:38:22AM -0800, François-Xavier Le Bail wrote:
> On Mon, 1/6/14, Hannes Frederic Sowa <hannes@...essinduktion.org> wrote:
> 
> 
> > > > I think we should pass a valid device in unless it
> > > > breaks something obvious.
> 
> > > The problem is that "saddr" is not necessarily an address on "skb->dev"
> > > in icmpv6_echo_reply(). It may be an address on another interface.
>  
> > Maybe you're right, but then I don't get it. Could you make
> > an example?
> 
> Yes:
> box with eth1, eth2, forwarding enabled.
> 
> echo request arrives on eth2
> -------------------------------> eth2 (2a01:3::1)  {forwarding enable}   eth1 (2a01:2::1)
> 
> if dest == 2a01:3::
> Jan  7 10:36:36 localhost kernel: [   59.155376] icmpv6_echo_reply: saddr == 2a01:3::
> Jan  7 10:36:36 localhost kernel: [   59.155395] icmpv6_echo_reply: skb->dev->name == eth2
> Jan  7 10:36:36 localhost kernel: [   59.155398] icmpv6_echo_reply: ipv6_chk_acast_addr(net, skb->dev, saddr) == 1
> Jan  7 10:36:36 localhost kernel: [   59.155400] icmpv6_echo_reply: ipv6_chk_acast_addr(net, NULL, saddr) == 1
> if dest == 2a01:2::
> Jan  7 10:36:46 localhost kernel: [   68.807565] icmpv6_echo_reply: saddr == 2a01:2::
> Jan  7 10:36:46 localhost kernel: [   68.807580] icmpv6_echo_reply: skb->dev->name == eth2
> Jan  7 10:36:46 localhost kernel: [   68.807583] icmpv6_echo_reply: ipv6_chk_acast_addr(net, skb->dev, saddr) == 0
> Jan  7 10:36:46 localhost kernel: [   68.807586] icmpv6_echo_reply: ipv6_chk_acast_addr(net, NULL, saddr) == 1
> 
> So, as 2a01:2:: is an address on eth1, ipv6_chk_acast_addr(net, skb->dev, saddr) with dev == eth2 returns 0.
> 
> It is the reason why I use dev == NULL.
> 
> Do your tests show something different?

I haven't tested this particular setup.

> 
> Anyway, although I think that this solution is valid, I am testing another way to do this change.

Ok, thanks for explaining, I see now, of course.

Maybe we could just do (ipv6_addr_type(addr) & IPV6_ADDR_LINKLOCAL) ? skb->dev
: NULL?

I guess the NULL solution would be ok now, too. You can decide. I just
think we can be a bit more defensive here with no additional cost. Routing
table behaviour is pretty complicated and maybe can change in the future.

Thank you,

  Hannes
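
Added example, not part of the original message and not kernel code: a user-space C model of the lookup discussed above, reproducing the eth1/eth2 results from the quoted log and the link-local scoping suggested in the reply. The names model_chk_acast and model_chk_scoped are hypothetical, and the fe80:: table entry is constructed (placed on eth1 only so the scoping difference is visible).

```c
/* User-space model (assumption, not kernel code) of a device-scoped anycast lookup. */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>

struct acast_entry { const char *dev, *addr; };

/* Constructed table: the two anycast addresses from the thread, plus a
 * link-local entry on eth1 only (an assumption made for illustration). */
static const struct acast_entry acast_table[] = {
    { "eth2", "2a01:3::" },
    { "eth1", "2a01:2::" },
    { "eth1", "fe80::"   },
};

/* Models ipv6_chk_acast_addr(net, dev, addr): dev == NULL matches any device. */
int model_chk_acast(const char *dev, const char *addr)
{
    struct in6_addr want, have;
    size_t i;

    if (inet_pton(AF_INET6, addr, &want) != 1)
        return 0;
    for (i = 0; i < sizeof(acast_table) / sizeof(acast_table[0]); i++) {
        if (dev && strcmp(dev, acast_table[i].dev) != 0)
            continue;               /* entry belongs to another interface */
        if (inet_pton(AF_INET6, acast_table[i].addr, &have) == 1 &&
            memcmp(&want, &have, sizeof(want)) == 0)
            return 1;
    }
    return 0;
}

/* Scoping suggested in the reply: link-local -> receiving device, else NULL. */
int model_chk_scoped(const char *rx_dev, const char *addr)
{
    struct in6_addr a;
    if (inet_pton(AF_INET6, addr, &a) != 1)
        return 0;
    return model_chk_acast(IN6_IS_ADDR_LINKLOCAL(&a) ? rx_dev : NULL, addr);
}

int main(void)
{
    printf("2a01:2:: rx=eth2: dev=%d any=%d\n", model_chk_acast("eth2", "2a01:2::"), model_chk_acast(NULL, "2a01:2::"));
    printf("fe80::   rx=eth2: any=%d scoped=%d\n", model_chk_acast(NULL, "fe80::"), model_chk_scoped("eth2", "fe80::"));
    return 0;
}
```

In this model the global address on eth1 is still accepted when the request arrives on eth2, while a link-local address is only accepted on the interface that actually holds it.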
