lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <544FDDA7.8020007@redhat.com>
Date:	Tue, 28 Oct 2014 19:17:11 +0100
From:	Daniel Borkmann <dborkman@...hat.com>
To:	Pierre Pfister <pierre@...ou.fr>
CC:	netdev@...r.kernel.org, liuhangbin@...il.com
Subject: Re: ipv6 mld: packets are not looped back to/from kernel/querier

On 10/28/2014 05:32 PM, Pierre Pfister wrote:
> Hello,
>
> I’m implementing a dual-stack multicast querier (IGMPv3 and MLDv2) along with the PIM protocol.
> So I’ve got two multicast sockets, one for each protocol.
>
> I open the two sockets like this:
>
> ——————————————————
> fd = socket(AF_INET, SOCK_RAW, IPPROTO_IGMP);
> val = 1;
> setsockopt(fd, IPPROTO_IP, MRT_INIT, &val, sizeof(val));
> setsockopt(fd, IPPROTO_IP, IP_PKTINFO, &val, sizeof(val));
> setsockopt(fd, IPPROTO_IP, IP_MULTICAST_TTL, &val, sizeof(val));
> val = 0xc0;
> setsockopt(fd, IPPROTO_IP, IP_TOS, &val, sizeof(val));
> setsockopt(fd, IPPROTO_IP, IP_OPTIONS, &ipv4_rtr_alert, sizeof(ipv4_rtr_alert))
>
> fd = socket(AF_INET6, SOCK_RAW, IPPROTO_ICMPV6);
> val = 1;
> setsockopt(fd, IPPROTO_IPV6, MRT6_INIT, &val, sizeof(val));
> setsockopt(fd, IPPROTO_IPV6, IPV6_RECVHOPOPTS, &val, sizeof(val));
> setsockopt(fd, IPPROTO_IPV6, IPV6_RECVHOPLIMIT, &val, sizeof(val));
> setsockopt(fd, IPPROTO_IPV6, IPV6_MULTICAST_HOPS, &val, sizeof(val));
> val = 2;
> setsockopt(fd, IPPROTO_RAW, IPV6_CHECKSUM, &val, sizeof(val));
> setsockopt(fd, IPPROTO_IPV6, IPV6_HOPOPTS, &ipv6_rtr_alert, sizeof(ipv6_rtr_alert));

What kernel are you using? How do you setup ipv6_rtr_alert here?

For inbound queries in IPv6, the kernel might be more picky after
[correct] commit e940f5d6ba6a ("ipv6: Fix MLD Query message check"),
so you need to make sure you have hop limit of 1 and a proper set
up RA option ...

> struct icmp6_filter flt;
> ICMP6_FILTER_SETBLOCKALL(&flt);
> ICMP6_FILTER_SETPASS(ICMPV6_MGM_QUERY, &flt);
> ICMP6_FILTER_SETPASS(ICMPV6_MGM_REPORT, &flt);
> ICMP6_FILTER_SETPASS(ICMPV6_MGM_REDUCTION, &flt);
> ICMP6_FILTER_SETPASS(ICMPV6_MLD2_REPORT, &flt);
> setsockopt(fd, IPPROTO_ICMPV6, ICMP6_FILTER, &flt, sizeof(flt));
> ——————————————————————
>
> I’ve got two issues with the IPv6 socket.
> When I send an MLD query, it is sent on the wire, but the kernel doesn’t interpret it (It doesn’t send MLD Reports as reply).
> Similarly, when the kernel sends a Report, my MLD Querier socket doesn’t receive the message.
>
> The resulting problem is that everything works fine as long as the router doesn’t want to join a group. When it does, my Querier can’t know it, and the kernel doesn’t reply to Querier’s requests.
>
> It works well in IPv4.
>
> I tried removing the ICMPV6 filter as well as using IPV6_MULTICAST_LOOP.
>
> Am I doing something wrong or is it an actual bug ?
> If you need more information, please ask.
>
> Thanks,
>
>
> Pierre
>
>
> --
> To unsubscribe from this list: send the line "unsubscribe netdev" in
> the body of a message to majordomo@...r.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
>
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ