| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <0f49737f-f6d1-6025-4eb2-2cabc2f88688@gmail.com>
Date: Mon, 15 May 2017 05:56:29 -0600
From: David Ahern <dsahern@...il.com>
To: Mahesh Bandewar <mahesh@...dewar.net>,
Alexey Kuznetsov <kuznet@....inr.ac.ru>,
James Morris <jmorris@...ei.org>,
Hideaki YOSHIFUJI <yoshfuji@...ux-ipv6.org>,
Patrick McHardy <kaber@...sh.net>,
netdev <netdev@...r.kernel.org>,
David Miller <davem@...emloft.net>
Cc: Eric Dumazet <edumazet@...gle.com>,
Mahesh Bandewar <maheshb@...gle.com>
Subject: Re: [PATCH net] ipv6: avoid dad-failures for addresses with NODAD
On 5/12/17 6:03 PM, Mahesh Bandewar wrote:
> From: Mahesh Bandewar <maheshb@...gle.com>
>
> Every address gets added with TENTATIVE flag even for the addresses with
> IFA_F_NODAD flag and dad-work is scheduled for them. During this DAD process
> we realize it's an address with NODAD and complete the process without
> sending any probe. However the TENTATIVE flags stays on the
> address for sometime enough to cause misinterpretation when we receive a NS.
> While processing NS, if the address has TENTATIVE flag, we mark it DADFAILED
> and endup with an address that was originally configured as NODAD with
> DADFAILED.
>
> We can't avoid scheduling dad_work for addresses with NODAD but we can
> avoid adding TENTATIVE flag to avoid this racy situation.
>
> Signed-off-by: Mahesh Bandewar <maheshb@...gle.com>
> ---
> net/ipv6/addrconf.c | 5 ++++-
> 1 file changed, 4 insertions(+), 1 deletion(-)
>
> diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
> index b09ac38d8dc4..53f2dc092023 100644
> --- a/net/ipv6/addrconf.c
> +++ b/net/ipv6/addrconf.c
> @@ -1022,7 +1022,10 @@ ipv6_add_addr(struct inet6_dev *idev, const struct in6_addr *addr,
> INIT_HLIST_NODE(&ifa->addr_lst);
> ifa->scope = scope;
> ifa->prefix_len = pfxlen;
> - ifa->flags = flags | IFA_F_TENTATIVE;
> + ifa->flags = flags;
> + /* No need to add the TENTATIVE flag for addresses with NODAD */
> + if (!(flags & IFA_F_NODAD))
> + ifa->flags |= IFA_F_TENTATIVE;
> ifa->valid_lft = valid_lft;
> ifa->prefered_lft = prefered_lft;
> ifa->cstamp = ifa->tstamp = jiffies;
>
LGTM.
Acked-by: David Ahern <dsahern@...il.com>
Powered by blists - more mailing lists