lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date: Mon, 24 Jun 2024 16:15:31 +0200
From: Mathis Marion <Mathis.Marion@...abs.com>
To: "David S. Miller" <davem@...emloft.net>, David Ahern <dsahern@...nel.org>,
        Eric Dumazet <edumazet@...gle.com>, Jakub Kicinski <kuba@...nel.org>,
        Paolo Abeni <pabeni@...hat.com>
Cc: netdev@...r.kernel.org, linux-kernel@...r.kernel.org,
        Jérôme Pouiller <jerome.pouiller@...abs.com>,
        Kylian Balan <kylian.balan@...abs.com>,
        Alexander Aring <alex.aring@...il.com>,
        Mathis Marion <mathis.marion@...abs.com>
Subject: [PATCH v1 0/2] ipv6: always accept routing headers with 0 segments left

From: Mathis Marion <mathis.marion@...abs.com>

Hello maintainers,

Here is a bit of context for this series: Silicon Labs is working
on implementing a Wi-SUN[1] routing daemon for Linux[2]. Wi-SUN uses
RPL[3] for routing, which uses a specialized IPv6 routing header[4],
supported by a kernel module[5]. Currently, our border router daemon
does not rely on that kernel module and instead inserts the Source
Routing Header (SRH) in userspace after reading the IPv6 packet from a
TUN device.

Future development is now geared towards a router implementation (as
opposed to a border router), which does not insert the SRH but instead
processes it. The first step was to implement a leaf node, which always
receive a SRH with 0 segments left. Even without having the RPL kernel
module enabled, I was expecting the kernel to properly receive these
packets, but they were instead being dropped. Looking at the kernel
code, it seems that the SRH would have been accepted before
8610c7c6e3bd ("net: ipv6: add support for rpl sr exthdr").

[1]: https://wi-sun.org/
[2]: https://github.com/SiliconLabs/wisun-br-linux
[3]: https://www.rfc-editor.org/rfc/rfc6550.html
[4]: https://www.rfc-editor.org/rfc/rfc6554.html
[5]: https://elixir.bootlin.com/linux/v6.9/source/net/ipv6/Kconfig#L322

Mathis Marion (2):
  ipv6: introduce ipv6_rthdr_rcv_last()
  ipv6: always accept routing headers with 0 segments left

 net/ipv6/exthdrs.c | 124 ++++++++++++++++++---------------------------
 1 file changed, 48 insertions(+), 76 deletions(-)

-- 
2.43.0

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ