Date:	Wed, 17 Aug 2016 00:21:40 +0900
From:	Lorenzo Colitti <lorenzo@...gle.com>
To:	YOSHIFUJI Hideaki <hideaki.yoshifuji@...aclelinux.com>
Cc:	David Ahern <dsa@...ulusnetworks.com>, Erik Kline <ek@...gle.com>,
	David Miller <davem@...emloft.net>,
	netdev <netdev@...r.kernel.org>,
	Hannes Frederic Sowa <hannes@...essinduktion.org>
Subject: Re: [PATCH net] net: ipv6: Fix ping to link-local addresses.

On Mon, Aug 15, 2016 at 4:39 PM, YOSHIFUJI Hideaki
<hideaki.yoshifuji@...aclelinux.com> wrote:
>
> > and then in the various sendmsg functions:
> >
> >         if (!inet_check_bound_oif(sk, oif))
> >                 return -EINVAL;
> >
>
> Yes, something like that.

There's another complication. inet6_bind and raw_bind take
sin6_scope_id and assign it to sk_bound_dev_if:

        if (addr_len >= sizeof(struct sockaddr_in6) &&
            addr->sin6_scope_id) {
                if (addr->sin6_scope_id != sk
                        /* Override any existing binding, if another
                         * one is supplied by user.
                         */
                         sk->sk_bound_dev_if = addr->sin6_scope_id;
                }

The reason they do this is that the only place in the socket to
score the scope ID is sk_bound_dev_if. The scope ID has to be stored
in the socket, because it's the only way to ensure the semantics of
scoped addresses, where the address without the scope ID is not
unique, and thus the scope ID is effectively part of the address. For
example:

1. A socket bound to fe80::1%eth0 and a socket bound to fe80::1%wlan0
   must never see each other's packets. This means that things like
   udp6_lib_lookup must take the scope ID into account.
2. Calling getpeername() on a socket that's bound to fe80::1%eth0 must
   return eth0's ifindex in sin6_scope_id.

Unless we add a scope ID field to the socket, changing this behaviour
would cause substantial breakage. It's perfectly legal to bind a
socket to fe80::1%eth0 and then fe80::2%wlan0, for example. So we
can't just say that sk_bound_dev_if must always take precedence on
sin6_scope_id.

I also don't see how the VRF behaviour where "sk_bound_dev_if sets the
master interface and pktinfo selects the slave interface" can be made
to work at all in the presence of scoped addresses. I don't see any
way to support a socket bound to fe80::1%eth0 and a socket bound to
fe80::1%wlan0 in the same VRF.
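
The scoped-address semantics described in the message above, as an added example that is not part of the original message and is not kernel code: a user-space model in which `sk_bound_dev_if` doubles as the stored scope ID and lookup is keyed on both address and receiving interface. The names `model_sock`, `model_bind`, `model_lookup` and `mk_addr` are hypothetical, and the ifindex values 2 (eth0) and 3 (wlan0) are constructed.

```c
#include <stdio.h>
#include <string.h>
#include <arpa/inet.h>
#include <netinet/in.h>

/* User-space model, not kernel code: sk_bound_dev_if also holds the scope ID. */
struct model_sock {
    struct in6_addr rcv_saddr;  /* bound local address */
    int sk_bound_dev_if;        /* interface binding and stored scope ID */
};

/* Bind as in the quoted snippet: a non-zero sin6_scope_id overrides the binding. */
static void model_bind(struct model_sock *sk, const struct sockaddr_in6 *a)
{
    sk->rcv_saddr = a->sin6_addr;
    if (a->sin6_scope_id)
        sk->sk_bound_dev_if = (int)a->sin6_scope_id;
}

/* Lookup keyed on address AND receiving interface (point 1 of the list). */
static int model_lookup(const struct model_sock *tbl, int n,
                        const struct in6_addr *daddr, int in_ifindex)
{
    for (int i = 0; i < n; i++)
        if (!memcmp(&tbl[i].rcv_saddr, daddr, sizeof(*daddr)) &&
            (!tbl[i].sk_bound_dev_if || tbl[i].sk_bound_dev_if == in_ifindex))
            return i;
    return -1;  /* no socket for this address on this link */
}

/* Build a scoped sockaddr_in6; ifindexes 2 (eth0) and 3 (wlan0) are constructed. */
static struct sockaddr_in6 mk_addr(const char *text, unsigned scope)
{
    struct sockaddr_in6 a;
    memset(&a, 0, sizeof(a));
    a.sin6_family = AF_INET6;
    inet_pton(AF_INET6, text, &a.sin6_addr);
    a.sin6_scope_id = scope;
    return a;
}

int main(void)
{
    static struct model_sock sk[2];  /* static storage: zero-initialised */
    struct sockaddr_in6 eth0 = mk_addr("fe80::1", 2), wlan0 = mk_addr("fe80::1", 3);
    model_bind(&sk[0], &eth0);
    model_bind(&sk[1], &wlan0);
    printf("fe80::1 on ifindex 3 -> socket %d\n", model_lookup(sk, 2, &eth0.sin6_addr, 3));
    return 0;
}
```

In this model, rebinding the first socket to fe80::2 with scope 3 moves its `sk_bound_dev_if` to 3, which is why a rule that the existing binding always wins would break the rebind case the message calls legal.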
