lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <CA+FuTSf7oXy3xQ8yetP7e8q_bpf_FwHmW5QHdQL7csz0i0O56w@mail.gmail.com>
Date:   Fri, 25 Jun 2021 13:56:47 -0400
From:   Willem de Bruijn <willemdebruijn.kernel@...il.com>
To:     Andreas Roeseler <andreas.a.roeseler@...il.com>
Cc:     netdev@...r.kernel.org, davem@...emloft.net,
        yoshfuji@...ux-ipv6.org, dsahern@...nel.org, kuba@...nel.org,
        willemdebruijn.kernel@...il.com
Subject: Re: [PATCH net-next V3] ipv6: ICMPV6: add response to ICMPV6 RFC 8335
 PROBE messages

On Fri, Jun 25, 2021 at 11:19 AM Andreas Roeseler
<andreas.a.roeseler@...il.com> wrote:
>
> This patch builds off of commit 2b246b2569cd2ac6ff700d0dce56b8bae29b1842
> and adds functionality to respond to ICMPV6 PROBE requests.
>
> Add icmp_build_probe function to construct PROBE requests for both
> ICMPV4 and ICMPV6.
>
> Modify icmpv6_rcv to detect ICMPV6 PROBE messages and call the
> icmpv6_echo_reply handler.
>
> Modify icmpv6_echo_reply to build a PROBE response message based on the
> queried interface.
>
> This patch has been tested using a branch of the iputils git repo which can
> be found here: https://github.com/Juniper-Clinic-2020/iputils/tree/probe-request
>
> Signed-off-by: Andreas Roeseler <andreas.a.roeseler@...il.com>
> ---
> Changes:
> v1 -> v2:
> Suggested by: Willem de Bruijn <willemdebruijn.kernel@...il.com>
> - Do not add sysctl for ICMPV6 PROBE control and instead use existing
>   ICMPV4 sysctl.
> - Add icmp_build_probe function to construct PROBE responses for both
>   ICMPV4 and ICMPV6.
>
> v2 -> v3:
> Suggested by: Willem de Bruijn <willemdebruijn.kernel@...il.com>
> - Move icmp_build_probe helper to after icmp_echo to reduce diff size.
> - Export icmp_build_probe for use in icmpv6_echo_reply when compiled
>   modularly.
> - Simplify icmp_echo control flow by removing extra if statement.
> - Simplify icmpv6 handler case statements.

> @@ -908,14 +921,12 @@ static int icmpv6_rcv(struct sk_buff *skb)
>
>         switch (type) {
>         case ICMPV6_ECHO_REQUEST:
> +       case ICMPV6_EXT_ECHO_REQUEST:
>                 if (!net->ipv6.sysctl.icmpv6_echo_ignore_all)
>                         icmpv6_echo_reply(skb);
>                 break;

On second thought, maybe it is cleaner to keep a separate case, and
then check both sysctls here:

 +       case ICMPV6_EXT_ECHO_REQUEST:
 +               if (!net->ipv6.sysctl.icmpv6_echo_ignore_all &&
 +                  net->ipv4.sysctl_icmp_echo_enable_probe)
 +                       icmpv6_echo_reply(skb);
 +               break;

>         case ICMPV6_ECHO_REPLY:
> -               success = ping_rcv(skb);
> -               break;
> -

Unintended removal

>         case ICMPV6_EXT_ECHO_REPLY:
>                 success = ping_rcv(skb);
>                 break;
> --
> 2.32.0
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ