lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Tue, 18 Aug 2015 12:01:10 -0700 (PDT)
From:	David Miller <davem@...emloft.net>
To:	andrew@...n.ch
Cc:	netdev@...r.kernel.org
Subject: Re: [net-next RFC] net: ipv4: Send IGMP messages from highest
 scoped address

From: Andrew Lunn <andrew@...n.ch>
Date: Tue, 18 Aug 2015 15:36:41 +0200

> We currently take the first address from the interface which is scope
> link or higher.
> 
> Historically, the global scope address would of been used, but my
> previous fix, which stopped it taking a global scope address from a
> different interface altogether under some conditions, changed this
> behaviour.
> 
> The first address from the interface, then broke one of my use
> case. The querier is only in one of the subnets on this interface, and
> using an address from the global scope address range. It then drops
> the membership reports when they are sent from the first address on
> the interface. This is why i want to restore the previous behaviour,
> take the global scope address from this interface.
> 
> The patch works for me and is restoring previous behaviour, but is
> that sufficient to make it correct?

Preferring link-scope addresses make so much more sense for me.

The querier is on the local network, and he can do things like the
validity check on the subnet of the source address to try and avoid
forged IGMP responses.

So if anything I'd be advising you to change the code to prefer
link local addresses on the interface and keep avoiding global
addresses, as it is the only correct source address selection
scheme I can think of for IGMPs.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ