lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20211231155325.GB1657469@euler>
Date:   Fri, 31 Dec 2021 07:53:25 -0800
From:   Colin Foster <colin.foster@...advantage.com>
To:     Alexandre Belloni <alexandre.belloni@...tlin.com>
Cc:     netdev@...r.kernel.org, Vladimir Oltean <olteanv@...il.com>,
        Horatiu Vultur <horatiu.vultur@...rochip.com>
Subject: Re: packets trickling out of STP-blocked ports

On Fri, Dec 31, 2021 at 04:17:44PM +0100, Alexandre Belloni wrote:
> On 31/12/2021 07:06:51-0800, Colin Foster wrote:
> > Hi Alexandre
> > 
> > On Fri, Dec 31, 2021 at 11:27:16AM +0100, Alexandre Belloni wrote:
> > > Hi,
> > > 
> > > On 30/12/2021 15:07:40-0800, Colin Foster wrote:
> > > > Hi all,
> > > > 
> > > > An idea of how frequently this happens - my system has been currently up
> > > > for 3700 seconds. Eight "own address as source address" events have
> > > > happened at 66, 96, 156, 279, 509, 996, 1897, and 3699 seconds. 
> > > > 
> > > 
> > > This is something I solved back in 2017. I can exactly remember how, you
> 
> Sorry, I meant "I can't exactly" ;)
> 
> > > can try:
> > > 
> > > sysctl -w net.ipv6.conf.swp3.autoconf=0
> > 
> > That sounds very promising! Sorry you had to fix my system config, but
> > glad that this all makes perfect sense. 
> > 
> 
> Let me know if this works ;) The bottom line being that you should
> probably disable ipv6 autoconf on individual interfaces and then enable
> it on the bridge.

Just gave it a shot. No luck.

But poking around sysctl there's
net.ipv6.conf.swp3.router_solicitation{s,_delay,_interval,_max_interval}

As Andrew hints at, there might be some unintended consequences. It
seems that writing -1 to net.ipv6.conf.swp3.router_solicitation_delay
"fixed it." I don't know how that'll affect an IPv6 network in
production.

> 
> 
> -- 
> Alexandre Belloni, co-owner and COO, Bootlin
> Embedded Linux and Kernel engineering
> https://bootlin.com

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ