Message-ID: <542475E3.6030508@redhat.com>
Date:	Thu, 25 Sep 2014 22:06:59 +0200
From:	Daniel Borkmann <dborkman@...hat.com>
To:	David L Stevens <david.stevens@...cle.com>
CC:	davem@...emloft.net, hannes@...essinduktion.org,
	netdev@...r.kernel.org
Subject: Re: [PATCH net-next 2/3] ipv6: mld: do not overwrite uri when receiving
 an mldv2 query

On 09/25/2014 06:02 PM, David L Stevens wrote:
> While I can see the case you're making, I think the intent of MRC is
> violated by arbitrary URI.
>
>> 5.1.3.  Maximum Response Code
>>
>>     The Maximum Response Code field specifies the maximum time allowed
>>     before sending a responding Report.
>> ...
>>     Small values of Maximum Response Delay allow MLDv2 routers to tune
>>     the "leave latency" (the time between the moment the last node on a
>>     link ceases to listen to a specific multicast address and the moment
>>     the routing protocol is notified that there are no more listeners for
>>     that address).  Larger values, especially in the exponential range,
>>     allow the tuning of the burstiness of MLD traffic on a link.
>
> If URI is larger than MRD, then a lost unsolicited report, or series,
> specifically will *not* propagate changes throughout the network in less
> than MRD*QRV, as intended.
>
> It was an intentional design choice, not required or prohibited by RFC.
>
> I'm not sure what problem you think it's causing, but if they are not
> equal, I think at least the URI should be enforced to <= MRD. The querier,
> IMO, should set these network-wide relevant parameters, not the individual
> hosts.

One of the problems I see (also with this argumentation -- next to the fact
that it's not specified by the RFC) is that we're blindly overwriting with
any given value from the MLDv2 query, while when temporarily transitioning
back to MLDv1 compatibility mode, we're simply ignoring any MLD value provided
from that query; both specifications also specify different default values for
URI, where we would have already overwritten a pre-configured URI default value
for v1 when we previously received a v2 query. While we have a tunable for the
IPv4 case via commit 2690048c01f32 ("net: igmp: Allow user-space configuration of
igmp unsolicited report interval") and for the IPv6 case via commit fc4eba58b4c1
("ipv6: make unsolicited report intervals configurable for mld"), this renders
any admin-provided IPv6-specific configuration useless.

Thanks,
Daniel
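
Added example, not part of the original message and not kernel code: a C sketch of the RFC 3810 section 5.1.3 decoding of the Maximum Response Code into a Maximum Response Delay (MRD), together with the three URI behaviours discussed in this thread (overwrite with the query's value, keep the configured value, clamp to URI <= MRD). The function names, the `uri_policy` enum and the sample values in `main` are hypothetical and constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* RFC 3810, 5.1.3: codes below 32768 are the delay in milliseconds.
 * Otherwise the code is a float: 1 | exp (3 bits) | mant (12 bits),
 * and MRD = (mant | 0x1000) << (exp + 3). */
static uint32_t mldv2_mrc_to_mrd_ms(uint16_t mrc)
{
    if (mrc < 32768)
        return mrc;
    uint32_t exp = (mrc >> 12) & 0x7;
    uint32_t mant = mrc & 0x0fff;
    return (mant | 0x1000) << (exp + 3);
}

/* Hypothetical names for the three behaviours argued in the thread. */
enum uri_policy {
    URI_OVERWRITE,        /* URI takes the MRD from the received query */
    URI_KEEP_CONFIGURED,  /* admin-configured URI is left untouched */
    URI_CLAMP_TO_MRD      /* configured URI is used, but never above MRD */
};

static uint32_t uri_after_query(enum uri_policy policy,
                                uint32_t configured_uri_ms, uint16_t mrc)
{
    uint32_t mrd = mldv2_mrc_to_mrd_ms(mrc);

    switch (policy) {
    case URI_OVERWRITE:
        return mrd;
    case URI_CLAMP_TO_MRD:
        return configured_uri_ms < mrd ? configured_uri_ms : mrd;
    case URI_KEEP_CONFIGURED:
    default:
        return configured_uri_ms;
    }
}

int main(void)
{
    /* Constructed sample values: configured URI 1000 ms, query MRC 10000. */
    uint32_t uri = 1000;
    uint16_t mrc = 10000;

    printf("MRD=%u overwrite=%u keep=%u clamp=%u\n",
           (unsigned)mldv2_mrc_to_mrd_ms(mrc),
           (unsigned)uri_after_query(URI_OVERWRITE, uri, mrc),
           (unsigned)uri_after_query(URI_KEEP_CONFIGURED, uri, mrc),
           (unsigned)uri_after_query(URI_CLAMP_TO_MRD, uri, mrc));
    return 0;
}
```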