Message-ID: <53703AFF.2040208@cn.fujitsu.com>
Date:	Mon, 12 May 2014 11:07:43 +0800
From:	Duan Jiong <duanj.fnst@...fujitsu.com>
To:	Hannes Frederic Sowa <hannes@...essinduktion.org>,
	David Miller <davem@...emloft.net>
CC:	netdev <netdev@...r.kernel.org>
Subject: Re: [PATCH] ipv6: update Destination Cache entries when gateway turn
 into host

On 2014-05-12 08:54, Hannes Frederic Sowa wrote:
> On Thu, May 8, 2014, at 20:24, Duan Jiong wrote:
>>
>> RFC 4861 states in 7.2.5:
>>
>> 	The IsRouter flag in the cache entry MUST be set based on the
>>          Router flag in the received advertisement.  In those cases
>>          where the IsRouter flag changes from TRUE to FALSE as a result
>>          of this update, the node MUST remove that router from the
>>          Default Router List and update the Destination Cache entries
>>          for all destinations using that neighbor as a router as
>>          specified in Section 7.3.3.  This is needed to detect when a
>>          node that is used as a router stops forwarding packets due to
>>          being configured as a host.
>>
>> Currently, when dealing with an NA message whose IsRouter flag changes from
>> TRUE to FALSE, the kernel only removes the router from the Default Router List,
>> and doesn't update the Destination Cache entries.
>>
>> Now in order to update those Destination Cache entries, I introduce
>> function rt6_clean_tohost().
>>
>> [...]
>>
>> +/*remove routers and update dst entries when gateway turn into host.*/
>> +static int fib6_clean_tohost(struct rt6_info *rt, void *arg)
>> +{
>> +	struct in6_addr *gateway = (struct in6_addr *)arg;
>> +
>> +	if (((rt->rt6i_flags & (RTF_ADDRCONF | RTF_DEFAULT | RTF_GATEWAY))
>> +	    == (RTF_ADDRCONF | RTF_DEFAULT | RTF_GATEWAY))
>> +	    && ipv6_addr_equal(gateway, &rt->rt6i_gateway)) {
>> +		return -1;
>> +	} else if (((rt->rt6i_flags & (RTF_GATEWAY | RTF_CACHE))
>> +		      == (RTF_GATEWAY | RTF_CACHE))
>> +		    && ipv6_addr_equal(gateway, &rt->rt6i_gateway)) {
>> +		rt->rt6i_flags |= RTF_REJECT;
>> +		rt->dst.error = -ENETUNREACH;
>> +	}
>> +	return 0;
>> +}
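Review bot: In the second branch (`RTF_GATEWAY | RTF_CACHE`) the entry is only marked `RTF_REJECT` with `dst.error = -ENETUNREACH` and the function returns 0, so the cached route stays in place and nothing visible in this hunk clears the reject state if the same neighbour later sets the Router flag again. If the intent is that those destinations pick a new next hop, returning -1 for this case too, as the first branch does for the default-router case, would be simpler than leaving an error entry behind. Two smaller points: the commit message names the function `rt6_clean_tohost()` while the hunk defines `fib6_clean_tohost()`, and the `ipv6_addr_equal(gateway, &rt->rt6i_gateway)` test is repeated in both branches and could be done once at the top; the cast on `arg` is also unnecessary, and the comment would read better as `/* remove ... */` with spaces.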
> 
> I am not so happy with that but have not tried that.
> 
> The Destination Cache you quote from the RFC (if you follow 7.3.3.) actually refers to the neighbouring
> subsystem, where we would need to generate subsequent errors in case we try to forward a packet
> through this particular router.
> 
> The reason why I am not that happy is that the semantics when neighbour nodes are cleared is well
> defined but we don't have that semantics when those rt6_nodes get cleared up. E.g. consider a router which just temporarily switches forwarding off and on.
> 
> I guess we need to inspect NTF_ROUTER flag in the output path somehow. :/

Why do we need to inspect the NTF_ROUTER flag?
In my opinion, the problem is that we can't use the neighbour node as next hop.

Actually, after a node switches from being a router to being a host, we should 
perform next-hop determination rather than continue sending traffic to the former
router, so we could just delete those Destination Cache entries.

You can refer to the below:
RFC 4861 states in 6.3.5: 
   Whenever the Lifetime of an entry in the Default Router List expires,
   that entry is discarded.  When removing a router from the Default
   Router list, the node MUST update the Destination Cache in such a way
   that all entries using the router perform next-hop determination
   again rather than continue sending traffic to the (deleted) router.

Thanks,
  Duan
> 
> Greetings,
> 
>   Hannes

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
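
The behaviour argued for in the reply above (flush the Destination Cache entries that use the former router so the next send repeats next-hop determination, per the quoted RFC 4861 6.3.5 text), as an added userspace model. It is not kernel code and not part of the patch or the thread; `route_lookup`, `na_router_to_host`, the fixed-size tables and the addresses are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define SLOTS 4
struct dest { const char *dst, *next_hop; };
static const char *routers[SLOTS]; /* Default Router List; NULL = empty */
static struct dest cache[SLOTS];   /* Destination Cache; dst NULL = empty */

/* Cached next hop for dst; on a miss run next-hop determination and cache it. */
static const char *route_lookup(const char *dst)
{
	struct dest *slot = NULL;
	const char *nh = NULL;
	for (int i = 0; i < SLOTS; i++) {
		if (cache[i].dst && !strcmp(cache[i].dst, dst))
			return cache[i].next_hop;
		if (!cache[i].dst && !slot)
			slot = &cache[i];
	}
	for (int i = 0; i < SLOTS && !nh; i++)
		nh = routers[i]; /* first router still on the list */
	if (nh && slot)
		*slot = (struct dest){ dst, nh };
	return nh; /* NULL: no default router left */
}

/* NA from src with the Router flag cleared (constructed model of 7.2.5/6.3.5):
 * drop src from the router list and flush every entry that used it. */
static int na_router_to_host(const char *src)
{
	int flushed = 0;
	for (int i = 0; i < SLOTS; i++) {
		if (routers[i] && !strcmp(routers[i], src))
			routers[i] = NULL;
		if (cache[i].dst && !strcmp(cache[i].next_hop, src)) {
			cache[i].dst = NULL;
			flushed++;
		}
	}
	return flushed;
}

int main(void)
{
	routers[0] = "fe80::1"; routers[1] = "fe80::2"; /* constructed addresses */
	printf("before: %s\n", route_lookup("2001:db8::10"));
	printf("flushed: %d\n", na_router_to_host("fe80::1"));
	printf("after: %s\n", route_lookup("2001:db8::10"));
	return 0;
}
```

Because the stale entry is deleted rather than marked as an error, the second lookup falls through to the remaining router instead of failing.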
