netdev - Re: [PATCH net] net: icmp6: do not select saddr from iif when route has prefsrc set

lists.openwall.net		lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC
Open Source and information security mailing list archives

Hash Suite: Windows password security audit tool. GUI, reports in PDF.

[<prev] [next>] [<thread-prev] [day] [month] [year] [list]

Message-Id: <20200407.182602.1498281523766862127.davem@davemloft.net>
Date:   Tue, 07 Apr 2020 18:26:02 -0700 (PDT)
From:   David Miller <davem@...emloft.net>
To:     code@...stallard.me.uk
Cc:     netdev@...r.kernel.org
Subject: Re: [PATCH net] net: icmp6: do not select saddr from iif when
 route has prefsrc set

From: Tim Stallard <code@...stallard.me.uk>
Date: Fri,  3 Apr 2020 21:22:57 +0100

> Since commit fac6fce9bdb5 ("net: icmp6: provide input address for
> traceroute6") ICMPv6 errors have source addresses from the ingress
> interface. However, this overrides when source address selection is
> influenced by setting preferred source addresses on routes.
> 
> This can result in ICMP errors being lost to upstream BCP38 filters
> when the wrong source addresses are used, breaking path MTU discovery
> and traceroute.
> 
> This patch sets the modified source address selection to only take place
> when the route used has no prefsrc set.
 ...
> Fixes: fac6fce9bdb5 ("net: icmp6: provide input address for traceroute6")
> Signed-off-by: Tim Stallard <code@...stallard.me.uk>

Applied, thanks.