lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <53BF9043.20709@candelatech.com>
Date:	Fri, 11 Jul 2014 00:20:35 -0700
From:	Ben Greear <greearb@...delatech.com>
To:	roy.qing.li@...il.com, netdev@...r.kernel.org
CC:	hannes@...hat.com
Subject: Re: [PATCH net-next] ipv6: fix the check when handle RA

On 07/10/2014 03:02 AM, roy.qing.li@...il.com wrote:
> From: Li RongQing <roy.qing.li@...il.com>
>
> d9333196572(ipv6:  Allow accepting RA from local IP addresses.) made the wrong
> check, whether or not to accept RA with source-addr found on local machine, when
> accept_ra_from_local is 0.

Thanks for fixing this.  I found the 'ipv6_chk_addr' method's actual
behaviour and name hard to coorelate, and I must have written this part
while confused.

I will apply your patch and test in my scenario once I'm
back from vacation, just to be certain.

Thanks,
Ben

>
> Fixes: d9333196572(ipv6:  Allow accepting RA from local IP addresses.)
> Cc: Ben Greear <greearb@...delatech.com>
> Cc: Hannes Frederic Sowa <hannes@...hat.com>
> Signed-off-by: Li RongQing <roy.qing.li@...il.com>
> ---
>   net/ipv6/ndisc.c |   12 ++++++------
>   1 file changed, 6 insertions(+), 6 deletions(-)
>
> diff --git a/net/ipv6/ndisc.c b/net/ipv6/ndisc.c
> index a845e3d..139b45f 100644
> --- a/net/ipv6/ndisc.c
> +++ b/net/ipv6/ndisc.c
> @@ -1151,9 +1151,9 @@ static void ndisc_router_discovery(struct sk_buff *skb)
>   	/* Do not accept RA with source-addr found on local machine unless
>   	 * accept_ra_from_local is set to true.
>   	 */
> -	if (!(in6_dev->cnf.accept_ra_from_local ||
> -	      ipv6_chk_addr(dev_net(in6_dev->dev), &ipv6_hdr(skb)->saddr,
> -			    NULL, 0))) {
> +	if (!in6_dev->cnf.accept_ra_from_local &&
> +	    ipv6_chk_addr(dev_net(in6_dev->dev), &ipv6_hdr(skb)->saddr,
> +			  NULL, 0)) {
>   		ND_PRINTK(2, info,
>   			  "RA from local address detected on dev: %s: default router ignored\n",
>   			  skb->dev->name);
> @@ -1294,9 +1294,9 @@ skip_linkparms:
>   	}
>
>   #ifdef CONFIG_IPV6_ROUTE_INFO
> -	if (!(in6_dev->cnf.accept_ra_from_local ||
> -	      ipv6_chk_addr(dev_net(in6_dev->dev), &ipv6_hdr(skb)->saddr,
> -			    NULL, 0))) {
> +	if (!in6_dev->cnf.accept_ra_from_local &&
> +	    ipv6_chk_addr(dev_net(in6_dev->dev), &ipv6_hdr(skb)->saddr,
> +			  NULL, 0)) {
>   		ND_PRINTK(2, info,
>   			  "RA from local address detected on dev: %s: router info ignored.\n",
>   			  skb->dev->name);
>


-- 
Ben Greear <greearb@...delatech.com>
Candela Technologies Inc  http://www.candelatech.com

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ