| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20140304105253.GC5090@Linus-Debian>
Date: Tue, 4 Mar 2014 11:52:54 +0100
From: Linus Lüssing <linus.luessing@....de>
To: Jan Stancek <jstancek@...hat.com>
Cc: netdev@...r.kernel.org, Florian Westphal <fwestpha@...hat.com>,
bridge@...ts.linux-foundation.org
Subject: Re: bridge is not forwaring ICMP6 neighbor solicitation to KVM guest
Hi Jan,
On Tue, Mar 04, 2014 at 03:02:36AM -0500, Jan Stancek wrote:
> > For the broken query, ok, it's your manually crafted query. But
> > did you see a query with such a bogus source address "in the
> > wild", too? (I'm curious how urgent this sanity check is)
>
> It's real packet I managed to capture during one such occurrence.
> I'm sending it with small C program over raw socket, but it's byte
> by byte exact copy of what I captured with tcpdump previously.
>
> I'm not sure how that packet came to existence. Based on IPv6 address
> it came from host B, but all host B was doing at the time
> was running RHEL6 with couple qemu-kvm instances. KVM guests were
> set up to use bridge, so I'm assuming if any of them crafted
> this packet, source IPv6 address would be different.
>
Ah, okay. Can you check whether it maybe came from the querier
code in the Linux bridge on host B? Is
"cat /sys/class/net/br0/bridge/multicast_querier" 1? Can you
isolate host B and disable any multicast router daemon on it? Then
check again, if you still see these queries. What kernel version
is running on host B?
Cheers, Linus
Download attachment "signature.asc" of type "application/pgp-signature" (820 bytes)
Powered by blists - more mailing lists