lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <1409745682.14224.10.camel@localhost>
Date:	Wed, 03 Sep 2014 14:01:22 +0200
From:	Hannes Frederic Sowa <hannes@...essinduktion.org>
To:	David Miller <davem@...emloft.net>
Cc:	hideaki.yoshifuji@...aclelinux.com, johannes@...solutions.net,
	linux-wireless@...r.kernel.org, netdev@...r.kernel.org,
	yoshfuji@...ux-ipv6.org
Subject: Re: [RFC] net: ipv4: drop unicast encapsulated in L2 multicast

On Di, 2014-09-02 at 15:03 -0700, David Miller wrote:
> From: YOSHIFUJI Hideaki <hideaki.yoshifuji@...aclelinux.com>
> Date: Wed, 03 Sep 2014 10:59:14 +0900
> 
> > Upper-layer needs to cope eith situation of seeing packets with
> > "incorrect" L2 header anyway (e.g., in promiscous mode).
> > I do not see much advantage to drop them here.
> 
> It's required to prevent wireless nodes from using the shared wireless
> group keys (used for multicast transmission) to inject unicast frames.
> 
> The RFCs really do specify this at least on the ipv4 side.

I have to agree with YOSHIFUJI Hideaki here. I looked at a lot of RFCs
and haven't found anything were it states to use L2 address type for
checks in L3 ipv6 addresses. For IPv4 addresses the situation is clear
though...

There was an RFC update (6085) which specifically allows one to send
ipv6 multicast frames with unicast L2 addresses. In the dicussion that
lead to this RFC it was stated that checking L2 and L3 addresses seems
to be a layering violation, but I can just use this as a hint.

Bye,
Hannes


--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ