lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:	Mon, 12 May 2014 11:07:43 +0800
From:	Duan Jiong <duanj.fnst@...fujitsu.com>
To:	Hannes Frederic Sowa <hannes@...essinduktion.org>,
	David Miller <davem@...emloft.net>
CC:	netdev <netdev@...r.kernel.org>
Subject: Re: [PATCH] ipv6: update Destination Cache entries when gateway turn
 into host

于 2014年05月12日 08:54, Hannes Frederic Sowa 写道:
> On Thu, May 8, 2014, at 20:24, Duan Jiong wrote:
>>
>> RFC 4861 states in 7.2.5:
>>
>> 	The IsRouter flag in the cache entry MUST be set based on the
>>          Router flag in the received advertisement.  In those cases
>>          where the IsRouter flag changes from TRUE to FALSE as a result
>>          of this update, the node MUST remove that router from the
>>          Default Router List and update the Destination Cache entries
>>          for all destinations using that neighbor as a router as
>>          specified in Section 7.3.3.  This is needed to detect when a
>>          node that is used as a router stops forwarding packets due to
>>          being configured as a host.
>>
>> Currently, when dealing with NA Message which IsRouter flag changes from
>> TRUE to FALSE, the kernel only removes router from the Default Router List,
>> and don't update the Destination Cache entries.
>>
>> Now in order to update those Destination Cache entries, i introduce
>> function rt6_clean_tohost().
>>
>> [...]
>>
>> +/*remove routers and update dst entries when gateway turn into host.*/
>> +static int fib6_clean_tohost(struct rt6_info *rt, void *arg)
>> +{
>> +	struct in6_addr *gateway = (struct in6_addr *)arg;
>> +
>> +	if (((rt->rt6i_flags & (RTF_ADDRCONF | RTF_DEFAULT | RTF_GATEWAY))
>> +	    == (RTF_ADDRCONF | RTF_DEFAULT | RTF_GATEWAY))
>> +	    && ipv6_addr_equal(gateway, &rt->rt6i_gateway)) {
>> +		return -1;
>> +	} else if (((rt->rt6i_flags & (RTF_GATEWAY | RTF_CACHE))
>> +		      == (RTF_GATEWAY | RTF_CACHE))
>> +		    && ipv6_addr_equal(gateway, &rt->rt6i_gateway)) {
>> +		rt->rt6i_flags |= RTF_REJECT;
>> +		rt->dst.error = -ENETUNREACH;
>> +	}
>> +	return 0;
>> +}
> 
> I am not so happy with that but have not tried that.
> 
> The Destination Cache you quote from the RFC (if you follow 7.3.3.) actually refers to the neighbouring
> subsystem, where we would need to generate subsequent errors in case we try to forward a packet
> through a this particular router.
> 
> The reason why I am not that happy is, that the semantics when neighbour nodes are cleared is well
> defined but we don't have that semantics when those rt6_nodes get cleared up. E.g. consider a router which just temporarily switches forwarding off and on.
> 
> I guess we need to inspect NTF_ROUTER flag in the output path somehow. :/

Why we need to inspect NTF_ROUTER flag?
In my opinion, the problem is that we can't use the neighbour node as next hop.

Actually, after a node switches from being a router to being a host, we should 
perform next-hop determination rather than continue sending traffic to the former
router, so we could just delete those Destination Cache entries.

You can refer to the below:
RFC 4861 states in 6.3.5: 
   Whenever the Lifetime of an entry in the Default Router List expires,
   that entry is discarded.  When removing a router from the Default
   Router list, the node MUST update the Destination Cache in such a way
   that all entries using the router perform next-hop determination
   again rather than continue sending traffic to the (deleted) router.

Thanks,
  Duan
> 
> Greetings,
> 
>   Hannes
> --
> To unsubscribe from this list: send the line "unsubscribe netdev" in
> the body of a message to majordomo@...r.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
> .
> 

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists