| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <544FDDA7.8020007@redhat.com>
Date: Tue, 28 Oct 2014 19:17:11 +0100
From: Daniel Borkmann <dborkman@...hat.com>
To: Pierre Pfister <pierre@...ou.fr>
CC: netdev@...r.kernel.org, liuhangbin@...il.com
Subject: Re: ipv6 mld: packets are not looped back to/from kernel/querier
On 10/28/2014 05:32 PM, Pierre Pfister wrote:
> Hello,
>
> I’m implementing a dual-stack multicast querier (IGMPv3 and MLDv2) along with the PIM protocol.
> So I’ve got two multicast sockets, one for each protocol.
>
> I open the two sockets like this:
>
> ——————————————————
> fd = socket(AF_INET, SOCK_RAW, IPPROTO_IGMP);
> val = 1;
> setsockopt(fd, IPPROTO_IP, MRT_INIT, &val, sizeof(val));
> setsockopt(fd, IPPROTO_IP, IP_PKTINFO, &val, sizeof(val));
> setsockopt(fd, IPPROTO_IP, IP_MULTICAST_TTL, &val, sizeof(val));
> val = 0xc0;
> setsockopt(fd, IPPROTO_IP, IP_TOS, &val, sizeof(val));
> setsockopt(fd, IPPROTO_IP, IP_OPTIONS, &ipv4_rtr_alert, sizeof(ipv4_rtr_alert))
>
> fd = socket(AF_INET6, SOCK_RAW, IPPROTO_ICMPV6);
> val = 1;
> setsockopt(fd, IPPROTO_IPV6, MRT6_INIT, &val, sizeof(val));
> setsockopt(fd, IPPROTO_IPV6, IPV6_RECVHOPOPTS, &val, sizeof(val));
> setsockopt(fd, IPPROTO_IPV6, IPV6_RECVHOPLIMIT, &val, sizeof(val));
> setsockopt(fd, IPPROTO_IPV6, IPV6_MULTICAST_HOPS, &val, sizeof(val));
> val = 2;
> setsockopt(fd, IPPROTO_RAW, IPV6_CHECKSUM, &val, sizeof(val));
> setsockopt(fd, IPPROTO_IPV6, IPV6_HOPOPTS, &ipv6_rtr_alert, sizeof(ipv6_rtr_alert));
What kernel are you using? How do you setup ipv6_rtr_alert here?
For inbound queries in IPv6, the kernel might be more picky after
[correct] commit e940f5d6ba6a ("ipv6: Fix MLD Query message check"),
so you need to make sure you have hop limit of 1 and a proper set
up RA option ...
> struct icmp6_filter flt;
> ICMP6_FILTER_SETBLOCKALL(&flt);
> ICMP6_FILTER_SETPASS(ICMPV6_MGM_QUERY, &flt);
> ICMP6_FILTER_SETPASS(ICMPV6_MGM_REPORT, &flt);
> ICMP6_FILTER_SETPASS(ICMPV6_MGM_REDUCTION, &flt);
> ICMP6_FILTER_SETPASS(ICMPV6_MLD2_REPORT, &flt);
> setsockopt(fd, IPPROTO_ICMPV6, ICMP6_FILTER, &flt, sizeof(flt));
> ——————————————————————
>
> I’ve got two issues with the IPv6 socket.
> When I send an MLD query, it is sent on the wire, but the kernel doesn’t interpret it (It doesn’t send MLD Reports as reply).
> Similarly, when the kernel sends a Report, my MLD Querier socket doesn’t receive the message.
>
> The resulting problem is that everything works fine as long as the router doesn’t want to join a group. When it does, my Querier can’t know it, and the kernel doesn’t reply to Querier’s requests.
>
> It works well in IPv4.
>
> I tried removing the ICMPV6 filter as well as using IPV6_MULTICAST_LOOP.
>
> Am I doing something wrong or is it an actual bug ?
> If you need more information, please ask.
>
> Thanks,
>
>
> Pierre
>
>
> --
> To unsubscribe from this list: send the line "unsubscribe netdev" in
> the body of a message to majordomo@...r.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
>
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists