Date:	Wed, 19 Nov 2014 19:59:41 +0000
From:	Spike Curtis <Spike.Curtis@...aswitch.com>
To:	"netdev@...r.kernel.org" <netdev@...r.kernel.org>
Subject: Kernel BUG?: IPv6 neighbor discovery fails in network namespace with TAP interface



One line summary of the problem: 
IPv6 neighbor discovery fails in network namespace with TAP interface

Full description of the problem/report:

I'm working in a network namespace (netns), and have several TAP devices as virtual network interfaces, which another process outside the namespace reads and writes.

The problem is that IPv6 neighbor discovery times out over these interfaces.  I have a TCP6 session from a loopback assigned address to a remote peer, which is directly connected over the tap interface.

I've monitored the connection with Wireshark: when the TCP6 session is activated, I see Neighbor Solicitation packets sent to the solicited node multicast address for the peer, a response from the peer, and then traffic over TCP6.  I don't see any later unicast Neighbor Solicitation probes to the peer address.  Instead, I see another multicast probe to the solicited node address.  I also see repeated Neighbor Solicitations for the link local address auto-assigned to the TAP interface, but I'm not sure if this is because duplicate address detection is failing, or if Linux periodically probes, or if the TAP interface is cyclically failing at the IPv6 layer (I also run IPv4 traffic over the TAP and there are no interruptions).

When I monitor the IPv6 neighbor cache using 'ip -6 neigh show', I can see the peer address moving to FAILED or INCOMPLETE state (after several iterations of multicast probes seeming to work correctly).

What's odd to me is that
a) The established TCP6 connection doesn't keep the neighbor cache entry fresh
b) I only ever see multicast probes, never a unicast probe for unreachability detection

Anyway, the consequence of all this is that my running TCP6 session fails.

IPv6 forwarding is disabled, and all other IPv6 parameters are at their Ubuntu 14.04 defaults.  In particular, ucast_solicit = 3, so it *should* be sending unicast probes.

Nothing related to networking is logged to syslog while all of this is happening.

I've attached a pcap: 2001:400::1:0:0/128 is the local loopback, 2001:400::16:0/127 is the local address, 2001:400::16:1 is the remote IPv6 speaker.

Keywords:

IPv6, ndp, network namespace, TAP

Kernel version (from /proc/version):

Linux version 3.13.0-39-generic (buildd@...ol) (gcc version 4.8.2 (Ubuntu 4.8.2-19ubuntu1) ) #66-Ubuntu SMP Tue Oct 28 13:30:27 UTC 2014

Environment

Ubuntu 14.04 LTS, running virtualized on VirtualBox 4.3.15 (Windows 7)

$ cat /proc/cpuinfo 
processor     : 0
vendor_id     : GenuineIntel
cpu family    : 6
model         : 58
model name    : Intel(R) Core(TM) i7-3687U CPU @ 2.10GHz
stepping      : 9
microcode     : 0x19
cpu MHz              : 2484.699
cache size    : 6144 KB
physical id   : 0
siblings      : 2
core id              : 0
cpu cores     : 2
apicid        : 0
initial apicid       : 0
fpu           : yes
fpu_exception : yes
cpuid level   : 5
wp            : yes
flags         : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ht syscall nx rdtscp lm constant_tsc rep_good nopl pni ssse3 lahf_lm
bogomips      : 4969.39
clflush size  : 64
cache_alignment      : 64
address sizes : 36 bits physical, 48 bits virtual
power management:

processor     : 1
vendor_id     : GenuineIntel
cpu family    : 6
model         : 58
model name    : Intel(R) Core(TM) i7-3687U CPU @ 2.10GHz
stepping      : 9
microcode     : 0x19
cpu MHz              : 2484.699
cache size    : 6144 KB
physical id   : 0
siblings      : 2
core id              : 1
cpu cores     : 2
apicid        : 1
initial apicid       : 1
fpu           : yes
fpu_exception : yes
cpuid level   : 5
wp            : yes
flags         : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ht syscall nx rdtscp lm constant_tsc rep_good nopl pni ssse3 lahf_lm
bogomips      : 4969.39
clflush size  : 64
cache_alignment      : 64
address sizes : 36 bits physical, 48 bits virtual
power management:

$ cat /proc/modules 
xt_recent 18498 0 - Live 0x0000000000000000
nfnetlink_queue 22329 0 - Live 0x0000000000000000
nfnetlink_log 17926 0 - Live 0x0000000000000000
nfnetlink 14606 2 nfnetlink_queue,nfnetlink_log, Live 0x0000000000000000
veth 13331 0 - Live 0x0000000000000000
vboxsf 39690 0 - Live 0x0000000000000000 (OX)
bridge 110833 0 - Live 0x0000000000000000
stp 12976 1 bridge, Live 0x0000000000000000
llc 14552 2 bridge,stp, Live 0x0000000000000000
rfcomm 69160 0 - Live 0x0000000000000000
bnep 19624 2 - Live 0x0000000000000000
bluetooth 391136 10 rfcomm,bnep, Live 0x0000000000000000
binfmt_misc 17468 1 - Live 0x0000000000000000
hid_generic 12548 0 - Live 0x0000000000000000
joydev 17381 0 - Live 0x0000000000000000
snd_intel8x0 38153 2 - Live 0x0000000000000000
snd_ac97_codec 130285 1 snd_intel8x0, Live 0x0000000000000000
ac97_bus 12730 1 snd_ac97_codec, Live 0x0000000000000000
snd_pcm 102099 2 snd_intel8x0,snd_ac97_codec, Live 0x0000000000000000
ip6t_REJECT 12939 1 - Live 0x0000000000000000
snd_page_alloc 18710 2 snd_intel8x0,snd_pcm, Live 0x0000000000000000
snd_seq_midi 13324 0 - Live 0x0000000000000000
snd_seq_midi_event 14899 1 snd_seq_midi, Live 0x0000000000000000
xt_hl 12521 6 - Live 0x0000000000000000
ip6t_rt 13537 3 - Live 0x0000000000000000
snd_rawmidi 30144 1 snd_seq_midi, Live 0x0000000000000000
nf_conntrack_ipv6 18894 8 - Live 0x0000000000000000
nf_defrag_ipv6 34768 1 nf_conntrack_ipv6, Live 0x0000000000000000
ipt_REJECT 12541 1 - Live 0x0000000000000000
xt_LOG 17717 10 - Live 0x0000000000000000
snd_seq 61560 2 snd_seq_midi,snd_seq_midi_event, Live 0x0000000000000000
xt_limit 12711 13 - Live 0x0000000000000000
xt_tcpudp 12884 28 - Live 0x0000000000000000
xt_addrtype 12635 4 - Live 0x0000000000000000
snd_seq_device 14497 3 snd_seq_midi,snd_rawmidi,snd_seq, Live 0x0000000000000000
nf_conntrack_ipv4 15012 8 - Live 0x0000000000000000
nf_defrag_ipv4 12758 1 nf_conntrack_ipv4, Live 0x0000000000000000
snd_timer 29482 2 snd_pcm,snd_seq, Live 0x0000000000000000
usbhid 52659 0 - Live 0x0000000000000000
xt_conntrack 12760 16 - Live 0x0000000000000000
hid 106148 2 hid_generic,usbhid, Live 0x0000000000000000
vboxvideo 12658 1 - Live 0x0000000000000000 (OX)
ip6table_filter 12815 1 - Live 0x0000000000000000
drm 303102 2 vboxvideo, Live 0x0000000000000000
ip6_tables 27025 1 ip6table_filter, Live 0x0000000000000000
nf_conntrack_netbios_ns 12665 0 - Live 0x0000000000000000
nf_conntrack_broadcast 12589 1 nf_conntrack_netbios_ns, Live 0x0000000000000000
nf_nat_ftp 12770 0 - Live 0x0000000000000000
nf_nat 21841 1 nf_nat_ftp, Live 0x0000000000000000
nf_conntrack_ftp 18638 1 nf_nat_ftp, Live 0x0000000000000000
nf_conntrack 96976 8 nf_conntrack_ipv6,nf_conntrack_ipv4,xt_conntrack,nf_conntrack_netbios_ns,nf_conntrack_broadcast,nf_nat_ftp,nf_nat,nf_conntrack_ftp, Live 0x0000000000000000
snd 69322 12 snd_intel8x0,snd_ac97_codec,snd_pcm,snd_seq_midi,snd_rawmidi,snd_seq,snd_seq_device,snd_timer, Live 0x0000000000000000
iptable_filter 12810 1 - Live 0x0000000000000000
ip_tables 27239 1 iptable_filter, Live 0x0000000000000000
x_tables 34059 14 xt_recent,ip6t_REJECT,xt_hl,ip6t_rt,ipt_REJECT,xt_LOG,xt_limit,xt_tcpudp,xt_addrtype,xt_conntrack,ip6table_filter,ip6_tables,iptable_filter,ip_tables, Live 0x0000000000000000
serio_raw 13462 0 - Live 0x0000000000000000
i2c_piix4 22155 0 - Live 0x0000000000000000
soundcore 12680 1 snd, Live 0x0000000000000000
vboxguest 248675 7 vboxsf, Live 0x0000000000000000 (OX)
parport_pc 32701 0 - Live 0x0000000000000000
ppdev 17671 0 - Live 0x0000000000000000
mac_hid 13205 0 - Live 0x0000000000000000
lp 17759 0 - Live 0x0000000000000000
parport 42348 3 parport_pc,ppdev,lp, Live 0x0000000000000000
psmouse 106714 0 - Live 0x0000000000000000
ahci 25819 2 - Live 0x0000000000000000
libahci 32716 1 ahci, Live 0x0000000000000000
e1000 145174 0 - Live 0x0000000000000000





Download attachment "ipv6ndp.pcap" of type "application/octet-stream" (38786 bytes)
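
Added example, not part of the original post: a small Python helper for checking the two observations in the report, namely whether Neighbor Solicitations for the peer go to its solicited-node multicast address or to the peer itself, and which states the peer's neighbor cache entry passes through in successive `ip -6 neigh show` samples. The interface name `tap0`, the MAC address, the link-local address and all sample records are constructed; only the peer address comes from the report.

```python
import ipaddress
from collections import Counter

def solicited_node(addr):
    """RFC 4291: ff02::1:ff00:0/104 plus the low 24 bits of the unicast address."""
    low24 = int(ipaddress.IPv6Address(addr)) & 0xFFFFFF
    return ipaddress.IPv6Address(int(ipaddress.IPv6Address("ff02::1:ff00:0")) | low24)

def classify_ns(dst, target):
    """Label a Neighbor Solicitation by its IPv6 destination address."""
    d, t = ipaddress.IPv6Address(dst), ipaddress.IPv6Address(target)
    if d == solicited_node(target):
        return "multicast"      # address resolution or DAD
    if d == t:
        return "unicast"        # reachability probe (NUD, RFC 4861)
    return "other"

def ns_summary(records, peer):
    """Count NS kinds among (dst, target) records whose target is `peer`."""
    p = ipaddress.IPv6Address(peer)
    return Counter(classify_ns(d, t) for d, t in records
                   if ipaddress.IPv6Address(t) == p)

def states_for(neigh_lines, addr):
    """Ordered neighbor-cache states for `addr` from `ip -6 neigh show` lines."""
    a = ipaddress.IPv6Address(addr)
    out = []
    for line in neigh_lines:
        fields = line.split()
        if fields and ipaddress.IPv6Address(fields[0]) == a:
            out.append(fields[-1])   # the state is the last token
    return out

PEER = "2001:400::16:1"          # remote speaker address from the report
# Constructed (dst, target) pairs, as read off NS packets in a capture.
SAMPLE_NS = [
    ("ff02::1:ff16:1", PEER),
    ("ff02::1:ff16:1", PEER),
    ("ff02::1:ff12:3456", "fe80::5054:ff:fe12:3456"),  # link-local target
]
# Constructed successive `ip -6 neigh show` samples; tap0 and the MAC are made up.
SAMPLE_NEIGH = [
    "2001:400::16:1 dev tap0 lladdr 52:54:00:12:34:56 REACHABLE",
    "2001:400::16:1 dev tap0 lladdr 52:54:00:12:34:56 STALE",
    "2001:400::16:1 dev tap0  INCOMPLETE",
    "2001:400::16:1 dev tap0  FAILED",
]

if __name__ == "__main__":
    print(solicited_node(PEER), dict(ns_summary(SAMPLE_NS, PEER)))
    print(states_for(SAMPLE_NEIGH, PEER))
```

A summary with zero `unicast` entries for the peer, together with a state sequence ending in INCOMPLETE or FAILED, matches the pattern described in the report.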
