lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-Id: <fcb3d6853922beec880dda255e249288@nexedi.com>
Date:   Fri, 26 Jun 2020 09:20:43 +0000
From:   thomas.gambier@...edi.com
To:     David Ahern <dsahern@...il.com>,
        "David S. Miller" <davem@...emloft.net>,
        Alexey Kuznetsov <kuznet@....inr.ac.ru>,
        Hideaki YOSHIFUJI <yoshfuji@...ux-ipv6.org>
Cc:     netdev@...r.kernel.org, Julien Muchembled <jm@...edi.com>,
        Jean-Paul Smets <jp@...edi.com>
Subject: PROBLEM: can't ping anycast IPv6 address on lo interface

Hello,

this is the first time I report a bug to the kernel team. Please let me 
know if there are any missing information or if I should post on 
bugzilla instead.


Since Linux 5.2, I can't ping anycast address on lo interface.

If you enable IPv6 forwarding for an interface and add a IPv6 address 
range on this interface, it is possible to ping the addres 0 of the 
range (anycast address). This doesn't work for "lo" interface since 
Linux 5.2.

I bisected to find that the commit 
c7a1ce397adacaf5d4bb2eab0a738b5f80dc3e43 
(https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=c7a1ce397adacaf5d4bb2eab0a738b5f80dc3e43) 
introduced the regression. Please note that the regression is still 
present on master branch of net repository (commit 
2570284060b48f3f79d8f1a2698792f36c385e9a from yesterday).

I attach my config file to this email (this config was used to compile 
latest master branch).

In order to reproduce you can use this small script:

root@...nel-compil-vm:~# cat test.bash
#! /bin/bash
echo 1 >  /proc/sys/net/ipv6/conf/all/forwarding
ip -6 a add fc12::1/16 dev lo
sleep 2
echo "pinging lo"
ping6 -c 2 fc12::


Before the regression you will see:
pinging lo
PING fc12::(fc12::) 56 data bytes
64 bytes from fc12::1: icmp_seq=1 ttl=64 time=0.111 ms
64 bytes from fc12::1: icmp_seq=2 ttl=64 time=0.062 ms


After the regression you will see:
pinging lo
PING fc12::(fc12::) 56 data bytes
 From fc12::: icmp_seq=1 Destination unreachable: No route
 From fc12::: icmp_seq=2 Destination unreachable: No route




Please note that if you test this on any physical ethernet interface, it 
still works properly.


For a bit of context, I'm one of the maintainer of re6st 
(https://re6st.nexedi.com) free software. This software gives an IPv6 
address range to a machine. By default it will assign it to lo interface 
and the current implementation is giving the address 1 of the range to 
the machine. But in order to keep maximum flexibility, we are contacting 
the machines on the re6st network using the anycast address of the 
range. We started to notice that it didn't work anymore on Ubuntu 20.04 
(Linux 5.4) and then we started to investigate up to this bug report.


Let me know if you need anything else.

Regards.

Thomas.

Download attachment "config.gz" of type "application/x-gzip" (33986 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ