lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <CADiZnkRRJCrHu_QkwNb3G49gdyicJkbeB8YctrMb6jZc9uq6rg@mail.gmail.com>
Date:   Tue, 24 Apr 2018 11:27:23 +0530
From:   Sukumar Gopalakrishnan <sukumarg1973@...il.com>
To:     netdev@...r.kernel.org
Subject: VRF: Ingress IPv6 Linklocal/Multicast destined pkt from slave VRF
 device does not map to Master device socket

VRF: Ingress IPv6 Linklocal/Multicast pkt from slave VRF device does
not map to Master device socket.

KERNEL VERSION:
================
4.14.28

BUG REPORT:
============
https://bugzilla.kernel.org/show_bug.cgi?id=199409

CONFIGURATION  AND PROBLEM ROOT CAUSE:
========================================

1) Created VRF device(Vrf_258) and enslaved network device(v1_F4246) to this
VRF.

/exos/bin # ip link show v1_F4246
54: v1_F4246: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue
master vrf_258 state UNKNOWN mode DEFAULT group default qlen 1000
    link/ether 00:04:96:98:c9:18 brd ff:ff:ff:ff:ff:ff

/exos/bin # ip link show vrf_258
14: vrf_258: <NOARP,MASTER,UP,LOWER_UP> mtu 65536 qdisc noqueue state
UP mode DEFAULT group default qlen 1000
    link/ether 00:04:96:98:c9:18 brd ff:ff:ff:ff:ff:ff


2) Opened PIM protocol raw socket for AF_INET6 family

pim_socket = socket(AF_INET6, SOCK_RAW , IPPROTO_PIM )


3) PIM user daemon process per VRF so opened RX socket SO_BINDTODEVICE
to VRF_258 netdevice.
PIM control packets ingressing any slave devices belongs to this
master VRF device should be sent to this socket.


4) Ingressing PIM hello control packets which is having SrcIP =
fe80::204:96ff:fe98:c918 (IPv6 Link-local) and DestIP = ff02::0d
(Multicast pkt)
does not mapped to vrf_258 bounded socket and gets dropped in socket
lookup function.


5)  inet6_iif() is returning v1_F4246's ifindex 54 and inet6_sdif()
returns value zero.

__raw_v6_lookup(net, sk, nexthdr, daddr, saddr, inet6_iif(skb),
inet6_sdif(skb));


sk->sk_bound_dev_if is having vrf_258(ifIndex value 14)  but dif(value
54) and sdif(value 0) does not match this socket hence socket not
found.

struct sock *__raw_v6_lookup(struct net *net, struct sock *sk,
                unsigned short num, const struct in6_addr *loc_addr,
                const struct in6_addr *rmt_addr, int dif, int sdif) {
<snip>
..
if (sk->sk_bound_dev_if &&
                            sk->sk_bound_dev_if != dif &&
                            sk->sk_bound_dev_if != sdif)
..

<snip>

}


6) This problem is seen for Raw, Udp and TCP socket look up function
for IPv6 packets destined to linklocal or multicast address.

7) This issue do not occur for all types of IPV4 address and IPv6
unicast global address.



TEMP FIX:
=========

Get master device address from (skb->dev) and  pass master  to socket
lookup up function for Ipv6 Linklocal/Multicast address.

ipv6_raw_deliver()
{
int mdif;
..
..
        mdif = (((nexthdr == IPPROTO_PIM || nexthdr == 89 /* IPPROTO_OSPF */ ||
                nexthdr == IPPROTO_ICMPV6 || nexthdr == 112 /*IPPROTO_VRRP*/) &&
                (ipv6_addr_type(daddr) &
                (IPV6_ADDR_MULTICAST | IPV6_ADDR_LINKLOCAL))) ?
                l3mdev_master_ifindex_rcu(skb->dev) : inet6_iif(skb));


        sk = __raw_v6_lookup(net, sk, nexthdr, daddr, saddr, mdif,
inet6_sdif(skb));

...
..
}


Regards,
Sukumar

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ