lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-Id: <20160711.134848.216095848280988851.davem@davemloft.net>
Date:	Mon, 11 Jul 2016 13:48:48 -0700 (PDT)
From:	David Miller <davem@...emloft.net>
To:	bjorn@...k.no
Cc:	netdev@...r.kernel.org, Valdis.Kletnieks@...edu, jonas@...puner.ca,
	hideaki.yoshifuji@...aclelinux.com
Subject: Re: [PATCH v2 net] ipv6: addrconf: fix Juniper SSL VPN client
 regression

From: Bjørn Mork <bjorn@...k.no>
Date: Mon, 11 Jul 2016 16:43:50 +0200

> The Juniper SSL VPN client use a "tun" interface and seems to
> be picky about visible changes.to it. Commit cc9da6cc4f56
> ("ipv6: addrconf: use stable address generator for ARPHRD_NONE")
> made such interfaces get an auto-generated IPv6 link local address
> by default, similar to most other interface types. This made the
> Juniper SSL VPN client fail for unknown reasons.
> 
> Fixing this regression by adding a new private netdevice flag
> which disables automatic IPv6 link local address generation, and
> making the flag default for "tun" devices.
> 
> Setting an explicit addrgenmode will disable the flag, so userspace
> can choose to enable automatic LL generation by selecting a suitable
> addrgenmode.
> 
> Link: https://bugzilla.kernel.org/show_bug.cgi?id=121131
> Fixes: cc9da6cc4f56 ("ipv6: addrconf: use stable address generator for ARPHRD_NONE")
> Reported-by: Valdis Kletnieks <Valdis.Kletnieks@...edu>
> Reported-by: Jonas Lippuner <jonas@...puner.ca>
> Suggested-by: Hannes Frederic Sowa <hannes@...essinduktion.org>
> Cc: 吉藤英明 <hideaki.yoshifuji@...aclelinux.com>
> Signed-off-by: Bjørn Mork <bjorn@...k.no>

What really irks me is that we "fixing" something without knowing what
actually is the problem.

Someone needs to figure out exactly what is making the Juniper thing
unhappy.  It really shouldn't care if a link local address is assigned
to the tun device, this is fundamental ipv6 stuff.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ