lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <544FDDA7.8020007@redhat.com> Date: Tue, 28 Oct 2014 19:17:11 +0100 From: Daniel Borkmann <dborkman@...hat.com> To: Pierre Pfister <pierre@...ou.fr> CC: netdev@...r.kernel.org, liuhangbin@...il.com Subject: Re: ipv6 mld: packets are not looped back to/from kernel/querier On 10/28/2014 05:32 PM, Pierre Pfister wrote: > Hello, > > I’m implementing a dual-stack multicast querier (IGMPv3 and MLDv2) along with the PIM protocol. > So I’ve got two multicast sockets, one for each protocol. > > I open the two sockets like this: > > —————————————————— > fd = socket(AF_INET, SOCK_RAW, IPPROTO_IGMP); > val = 1; > setsockopt(fd, IPPROTO_IP, MRT_INIT, &val, sizeof(val)); > setsockopt(fd, IPPROTO_IP, IP_PKTINFO, &val, sizeof(val)); > setsockopt(fd, IPPROTO_IP, IP_MULTICAST_TTL, &val, sizeof(val)); > val = 0xc0; > setsockopt(fd, IPPROTO_IP, IP_TOS, &val, sizeof(val)); > setsockopt(fd, IPPROTO_IP, IP_OPTIONS, &ipv4_rtr_alert, sizeof(ipv4_rtr_alert)) > > fd = socket(AF_INET6, SOCK_RAW, IPPROTO_ICMPV6); > val = 1; > setsockopt(fd, IPPROTO_IPV6, MRT6_INIT, &val, sizeof(val)); > setsockopt(fd, IPPROTO_IPV6, IPV6_RECVHOPOPTS, &val, sizeof(val)); > setsockopt(fd, IPPROTO_IPV6, IPV6_RECVHOPLIMIT, &val, sizeof(val)); > setsockopt(fd, IPPROTO_IPV6, IPV6_MULTICAST_HOPS, &val, sizeof(val)); > val = 2; > setsockopt(fd, IPPROTO_RAW, IPV6_CHECKSUM, &val, sizeof(val)); > setsockopt(fd, IPPROTO_IPV6, IPV6_HOPOPTS, &ipv6_rtr_alert, sizeof(ipv6_rtr_alert)); What kernel are you using? How do you setup ipv6_rtr_alert here? For inbound queries in IPv6, the kernel might be more picky after [correct] commit e940f5d6ba6a ("ipv6: Fix MLD Query message check"), so you need to make sure you have hop limit of 1 and a proper set up RA option ... > struct icmp6_filter flt; > ICMP6_FILTER_SETBLOCKALL(&flt); > ICMP6_FILTER_SETPASS(ICMPV6_MGM_QUERY, &flt); > ICMP6_FILTER_SETPASS(ICMPV6_MGM_REPORT, &flt); > ICMP6_FILTER_SETPASS(ICMPV6_MGM_REDUCTION, &flt); > ICMP6_FILTER_SETPASS(ICMPV6_MLD2_REPORT, &flt); > setsockopt(fd, IPPROTO_ICMPV6, ICMP6_FILTER, &flt, sizeof(flt)); > —————————————————————— > > I’ve got two issues with the IPv6 socket. > When I send an MLD query, it is sent on the wire, but the kernel doesn’t interpret it (It doesn’t send MLD Reports as reply). > Similarly, when the kernel sends a Report, my MLD Querier socket doesn’t receive the message. > > The resulting problem is that everything works fine as long as the router doesn’t want to join a group. When it does, my Querier can’t know it, and the kernel doesn’t reply to Querier’s requests. > > It works well in IPv4. > > I tried removing the ICMPV6 filter as well as using IPV6_MULTICAST_LOOP. > > Am I doing something wrong or is it an actual bug ? > If you need more information, please ask. > > Thanks, > > > Pierre > > > -- > To unsubscribe from this list: send the line "unsubscribe netdev" in > the body of a message to majordomo@...r.kernel.org > More majordomo info at http://vger.kernel.org/majordomo-info.html > -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists