lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:	Wed, 29 Oct 2014 09:14:11 +0100
From:	Pierre Pfister <>
To:	Daniel Borkmann <>
Subject: Re: ipv6 mld: packets are not looped back to/from kernel/querier

Thanks for the quick answer,

See inline,

Le 28 oct. 2014 à 19:17, Daniel Borkmann <> a écrit :

> On 10/28/2014 05:32 PM, Pierre Pfister wrote:
>> Hello,
>> I’m implementing a dual-stack multicast querier (IGMPv3 and MLDv2) along with the PIM protocol.
>> So I’ve got two multicast sockets, one for each protocol.
>> I open the two sockets like this:
>> ——————————————————
>> fd = socket(AF_INET, SOCK_RAW, IPPROTO_IGMP);
>> val = 1;
>> setsockopt(fd, IPPROTO_IP, MRT_INIT, &val, sizeof(val));
>> setsockopt(fd, IPPROTO_IP, IP_PKTINFO, &val, sizeof(val));
>> setsockopt(fd, IPPROTO_IP, IP_MULTICAST_TTL, &val, sizeof(val));
>> val = 0xc0;
>> setsockopt(fd, IPPROTO_IP, IP_TOS, &val, sizeof(val));
>> setsockopt(fd, IPPROTO_IP, IP_OPTIONS, &ipv4_rtr_alert, sizeof(ipv4_rtr_alert))
>> fd = socket(AF_INET6, SOCK_RAW, IPPROTO_ICMPV6);
>> val = 1;
>> setsockopt(fd, IPPROTO_IPV6, MRT6_INIT, &val, sizeof(val));
>> setsockopt(fd, IPPROTO_IPV6, IPV6_RECVHOPOPTS, &val, sizeof(val));
>> setsockopt(fd, IPPROTO_IPV6, IPV6_RECVHOPLIMIT, &val, sizeof(val));
>> setsockopt(fd, IPPROTO_IPV6, IPV6_MULTICAST_HOPS, &val, sizeof(val));
>> val = 2;
>> setsockopt(fd, IPPROTO_RAW, IPV6_CHECKSUM, &val, sizeof(val));
>> setsockopt(fd, IPPROTO_IPV6, IPV6_HOPOPTS, &ipv6_rtr_alert, sizeof(ipv6_rtr_alert));
> What kernel are you using? How do you setup ipv6_rtr_alert here?
> For inbound queries in IPv6, the kernel might be more picky after
> [correct] commit e940f5d6ba6a ("ipv6: Fix MLD Query message check"),
> so you need to make sure you have hop limit of 1 and a proper set
> up RA option …

I can reproduce the problem with both 3.10.28 and 3.14-0. I will try to try a later version.
I don’t think the packet itself can be a problem as other routers correctly receive it.
The problem comes with loopbacking to kernel and userspace (Depending whether the kernel or querier sent it).

Here is the router alert struct.
static struct {
	struct ip6_hbh hdr;
	struct ip6_opt_router rt;
	uint8_t pad[2];
} ipv6_rtr_alert = {
	.hdr = {0, 0},
	.rt = {IP6OPT_ROUTER_ALERT, 2, {0, IP6_ALERT_MLD}},
	.pad = {0, 0}

I also checked what that commit checks (wiresharked), and everything seems correct.


- Pierre

>> struct icmp6_filter flt;
>> setsockopt(fd, IPPROTO_ICMPV6, ICMP6_FILTER, &flt, sizeof(flt));
>> ——————————————————————
>> I’ve got two issues with the IPv6 socket.
>> When I send an MLD query, it is sent on the wire, but the kernel doesn’t interpret it (It doesn’t send MLD Reports as reply).
>> Similarly, when the kernel sends a Report, my MLD Querier socket doesn’t receive the message.
>> The resulting problem is that everything works fine as long as the router doesn’t want to join a group. When it does, my Querier can’t know it, and the kernel doesn’t reply to Querier’s requests.
>> It works well in IPv4.
>> I tried removing the ICMPV6 filter as well as using IPV6_MULTICAST_LOOP.
>> Am I doing something wrong or is it an actual bug ?
>> If you need more information, please ask.
>> Thanks,
>> Pierre
>> --
>> To unsubscribe from this list: send the line "unsubscribe netdev" in
>> the body of a message to
>> More majordomo info at
> --
> To unsubscribe from this list: send the line "unsubscribe netdev" in
> the body of a message to
> More majordomo info at

To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to
More majordomo info at

Powered by blists - more mailing lists