Date:	Tue, 22 Dec 2015 22:50:04 +0100
From:	Hannes Frederic Sowa <hannes@...essinduktion.org>
To:	Marc Haber <mh+netdev@...schlus.de>, netdev@...r.kernel.org
Subject: Re: IPv6 route to gateway on fe80::1%eth0 when I have fe80::1%br0
 locally

Hi Marc,

On 22.12.2015 22:28, Marc Haber wrote:
> Hi Hannes,
> 
> thanks for your mail.
> 
> On Tue, Dec 22, 2015 at 04:15:14PM +0100, Hannes Frederic Sowa wrote:
>> On 12.12.2015 20:58, Marc Haber wrote:
>>> Any hints would be appreciated.
>>
>> This sysctl should help:
>>
>> accept_ra_from_local - BOOLEAN
>>         Accept RA with source-address that is found on local machine
>>         if the RA is otherwise proper and able to be accepted.
>>         Default is to NOT accept these as it may be an un-intended
>>         network loop.
>>
>>         Functional default:
>>            enabled if accept_ra_from_local is enabled
>>                on a specific interface.
>>            disabled if accept_ra_from_local is disabled
>>                on a specific interface.
>>
>> Anyway, this has to be fixed up in a clean way and should work by default.
> 
> The clean way would be:
> 
> accept_ra_from_local=0: never accept RA with source-address that is
>   found on local machine
> accept_ra_from_local=1: always accept RA with source-address that is
>   found on local machine. Dangerous.
> accept_ra_from_local=2: only accept RA with link local source-address
>   that is found on local machine, and not if received RA points to an
>   address that is locally configured on the same interface. Default.
> 
> Shall I file a bug for this in bugzilla?

Thanks but no need to do that, I already cooked a patch and will submit
tomorrow after some testing. We don't need to enhance the sysctl,
default should be to simply check the interface too if a route with
link-local address is received.

Bye,
Hannes
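
Added example, not part of the original message and not the patch Hannes refers to: a simplified user-space model in C of the "RA source address is local" test, comparing a machine-wide match with one that also checks the receiving interface for link-local sources. The function name `ra_source_check`, the `scoped` flag and the sample addresses are assumptions made for illustration.

```c
#include <arpa/inet.h>
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

enum verdict { RA_DROP = 0, RA_ACCEPT = 1 };

/* A locally configured address and the interface that owns it. */
struct local_addr { const char *addr; const char *ifname; };

/* Constructed sample host mirroring the thread subject: fe80::1 is local on br0. */
static const struct local_addr SAMPLE_LOCALS[] = {
    { "fe80::1", "br0" },
    { "2001:db8::10", "eth0" },
};
#define SAMPLE_COUNT (sizeof(SAMPLE_LOCALS) / sizeof(SAMPLE_LOCALS[0]))

static bool parse(const char *s, struct in6_addr *out) {
    return inet_pton(AF_INET6, s, out) == 1;
}

/* fe80::/10: such an address is only meaningful together with an interface. */
static bool is_link_local(const struct in6_addr *a) {
    return a->s6_addr[0] == 0xfe && (a->s6_addr[1] & 0xc0) == 0x80;
}

/*
 * Decide whether an RA from `src` received on `rx_if` passes the
 * "source address is one of ours" test. With scoped == false a match on any
 * interface counts; with scoped == true a link-local source only counts as
 * local when the matching address sits on the receiving interface.
 */
enum verdict ra_source_check(const char *src, const char *rx_if,
                             const struct local_addr *locals, size_t n,
                             bool accept_ra_from_local, bool scoped) {
    struct in6_addr s, l;
    if (!parse(src, &s))
        return RA_DROP;                 /* unparsable source: fail closed */
    for (size_t i = 0; i < n; i++) {
        if (!parse(locals[i].addr, &l) || memcmp(&s, &l, sizeof s) != 0)
            continue;
        if (scoped && is_link_local(&s) && strcmp(locals[i].ifname, rx_if) != 0)
            continue;                   /* same bits, different link: not ours */
        return accept_ra_from_local ? RA_ACCEPT : RA_DROP;
    }
    return RA_ACCEPT;                   /* source is not a local address */
}
```

With the constructed sample, an RA from fe80::1 arriving on eth0 is dropped by the machine-wide match unless `accept_ra_from_local` is set, while the interface-aware match accepts it and still drops the same source arriving on br0.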
