Date:	Tue, 4 Mar 2014 00:03:23 +0100
From:	Linus Lüssing <linus.luessing@....de>
To:	Vlad Yasevich <vyasevich@...il.com>
Cc:	Jan Stancek <jstancek@...hat.com>, netdev@...r.kernel.org,
	Florian Westphal <fwestpha@...hat.com>,
	bridge@...ts.linux-foundation.org
Subject: Re: bridge is not forwaring ICMP6 neighbor solicitation to KVM guest

On Mon, Mar 03, 2014 at 04:40:40PM -0500, Vlad Yasevich wrote:
> I did notice a minor issue in the bridge code.  The following
> code:
>         /* Prevent flooding this packet if there is no listener present */
>         if (!ipv6_addr_is_ll_all_nodes(&ip6h->daddr))
>                 BR_INPUT_SKB_CB(skb)->mrouters_only = 1;
> 
>         if (ip6h->nexthdr != IPPROTO_HOPOPTS ||
>             ip6h->payload_len == 0)
>                 return 0;
> 
> will mark most multicast traffic as mrouters_only.  The two
> statements should probably be reversed.  However, that shouldn't
> cause the reported problem.

Reversing the order of these two if-clauses would reintroduce the issue
this commit tried to address, I think:
"bridge: prevent flooding IPv6 packets that do not have a listener"

Besides, I don't quite see what minor issue you are referring to,
would you mind being a little more verbose?

Cheers, Linus

PS: mrouters_only has a kind of confusing naming... for
MLD/IGMP packets it means sending to multicast routers only, there
the name fits. But for non-MLD/IGMP packets it means something
else since "bridge: Only flood unregistered groups to routers"
(and I went along with it with "bridge: prevent flooding IPv6 packets
that do not have a listener"), there it means dropping the skb if
there is no router or matching listener.
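
A userspace model of the two orderings discussed in this message, added here as an illustration; it is not kernel code and not code from either poster. `struct pkt`, the sample packets and the function names are assumptions, and only the two `if` statements follow the quoted snippet.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NEXTHDR_HOPOPTS 0   /* same value as IPPROTO_HOPOPTS */
#define NEXTHDR_ICMPV6  58
/* Simplified stand-in for the header fields the quoted code reads. */
struct pkt { uint8_t daddr[16]; uint8_t nexthdr; uint16_t payload_len; };

/* Constructed samples: ff02::1:ffaa:bbcc, ff02::1, and ff02::16 with hop-by-hop. */
static const struct pkt NS_SOLICITED = { { 0xff, 0x02, [11] = 0x01, 0xff, 0xaa, 0xbb, 0xcc }, NEXTHDR_ICMPV6, 32 };
static const struct pkt TO_ALL_NODES = { { 0xff, 0x02, [15] = 0x01 }, NEXTHDR_ICMPV6, 32 };
static const struct pkt MLD_LIKE     = { { 0xff, 0x02, [15] = 0x16 }, NEXTHDR_HOPOPTS, 36 };

static bool is_ll_all_nodes(const struct pkt *p)
{
    return memcmp(p->daddr, TO_ALL_NODES.daddr, sizeof(p->daddr)) == 0;
}

/* Order as quoted in the message: flag first, early return second. */
static bool quoted_order(const struct pkt *p)
{
    bool mrouters_only = false;
    if (!is_ll_all_nodes(p))
        mrouters_only = true;
    if (p->nexthdr != NEXTHDR_HOPOPTS || p->payload_len == 0)
        return mrouters_only;   /* the quoted code returns 0 here */
    return mrouters_only;       /* MLD parsing would continue here */
}

/* The same two statements swapped, as the quoted reply suggests. */
static bool reversed_order(const struct pkt *p)
{
    bool mrouters_only = false;
    if (p->nexthdr != NEXTHDR_HOPOPTS || p->payload_len == 0)
        return mrouters_only;   /* returns before the flag is touched */
    if (!is_ll_all_nodes(p))
        mrouters_only = true;
    return mrouters_only;
}

int main(void)
{
    const struct pkt *s[] = { &NS_SOLICITED, &TO_ALL_NODES, &MLD_LIKE };
    for (int i = 0; i < 3; i++)
        printf("sample %d: quoted=%d reversed=%d\n", i, quoted_order(s[i]), reversed_order(s[i]));
    return 0;
}
```

The orderings differ only for the first sample, a multicast packet without a hop-by-hop header that is not addressed to ff02::1: the quoted order sets `mrouters_only`, the swapped order leaves it clear.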
