lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Tue, 8 Mar 2022 21:50:01 -0700
From:   David Ahern <>
To:     "Xiao, Jiguang" <>,
        "" <>,
        "" <>,
        "" <>,
        "" <>,
        "" <>
Cc:     "Pudak, Filip" <>
Subject: Re: This counter "ip6InNoRoutes" does not follow the RFC4293
 specification implementation

On 3/8/22 7:16 PM, Xiao, Jiguang wrote:
> Hi David
> To confirm whether my test method is correct, could you please briefly describe your test procedure? 

no formal test. Code analysis (ip6_pkt_discard{,_out} -> ip6_pkt_drop)
shows the counters that should be incrementing and then looking at the
counters on a local server.

FIB Lookup failures should generate a dst with one of these handlers:

static void ip6_rt_init_dst_reject(struct rt6_info *rt, u8 fib6_type)
        rt->dst.error = ip6_rt_type_to_error(fib6_type);

        switch (fib6_type) {
        case RTN_BLACKHOLE:
                rt->dst.output = dst_discard_out;
                rt->dst.input = dst_discard;
        case RTN_PROHIBIT:
                rt->dst.output = ip6_pkt_prohibit_out;
                rt->dst.input = ip6_pkt_prohibit;
        case RTN_THROW:
        case RTN_UNREACHABLE:
                rt->dst.output = ip6_pkt_discard_out;
                rt->dst.input = ip6_pkt_discard;

They all drop the packet with a given counter bumped.

Powered by blists - more mailing lists