From: Ding Tianhong <dingtianhong@huawei.com>
To: "David S. Miller" <davem@davemloft.net>,
Alexey Kuznetsov <kuznet@ms2.inr.ac.ru>,
James Morris <jmorris@namei.org>,
Hideaki YOSHIFUJI <yoshfuji@linux-ipv6.org>,
Patrick McHardy <kaber@trash.net>,
Netdev <netdev@vger.kernel.org>
Subject: Re: [PATCH 1/3 v2] ipv6: do not disable temp_address when reaching max_address
Date: Wed, 14 Aug 2013 09:34:22 +0800 [thread overview]
Message-ID: <520ADE9E.8070700@huawei.com> (raw)
In-Reply-To: <20130813110521.GE27385@order.stressinduktion.org>
On 2013/8/13 19:05, Hannes Frederic Sowa wrote:
> On Tue, Aug 13, 2013 at 03:57:14PM +0800, Ding Tianhong wrote:
>> diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
>> index da4241c..72911fd 100644
>> --- a/net/ipv6/addrconf.c
>> +++ b/net/ipv6/addrconf.c
>> @@ -1134,10 +1134,27 @@ retry:
>> if (IS_ERR_OR_NULL(ift)) {
>> in6_ifa_put(ifp);
>> in6_dev_put(idev);
>> - pr_info("%s: retry temporary address regeneration\n", __func__);
>> - tmpaddr = &addr;
>> - write_lock(&idev->lock);
>> - goto retry;
>> +
>> + /* According RFC4941 3.3.7:
>> + * If DAD indicates the address is already in use,
>> + * the node must generate a new randomized interface
>> + * identifier as described in section 3.2 above, and
>> + * repeat the previous steps as appropriate up to
>> + * TEMP_IDGEN_RETRIES times.
>> + * If after TEMP_IDGEN_RETRIES consecutive attempts no
>> + * non-unique address was generated, the node must log
>> + * a system error and must not attempt to generate
>> + * temporary address for that interface.
>> + * So we have to check the return err and distinguish
>> + * the correct retry path.
>> + */
>> + if (PTR_ERR(ift) == -EEXIST) {
>> + pr_info("%s: retry temporary address regeneration\n", __func__);
>> + tmpaddr = &addr;
>> + write_lock(&idev->lock);
>> + goto retry;
>> + } else
>> + goto out;
>
> Correct me if I am wrong, but the RFC referes by mentioning "in use" to
> allocated on the subnet and not in use by this host. I don't see how this
> fixes the CVE then. dad is triggered by ipv6_add_addr.
>
> Greetings,
>
> Hannes
>
Reference:
-> http://seclists.org/oss-sec/2012/q4/292
-> http://seclists.org/oss-sec/2013/q1/92
I think the point is after the ./flood_route26 attack,
the proc/sys/net/ipv6/conf/iface/use_tempaddr will change from 2 to -1,
whether is correct? :)
regards
Ding Tianhong
> --
> To unsubscribe from this list: send the line "unsubscribe netdev" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
>
> .
>
prev parent reply other threads:[~2013-08-14 1:35 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-08-13 7:57 [PATCH 1/3 v2] ipv6: do not disable temp_address when reaching max_address Ding Tianhong
2013-08-13 11:05 ` Hannes Frederic Sowa
2013-08-13 11:53 ` Hannes Frederic Sowa
2013-08-14 1:39 ` Ding Tianhong
2013-08-14 1:34 ` Ding Tianhong [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=520ADE9E.8070700@huawei.com \
--to=dingtianhong@huawei.com \
--cc=davem@davemloft.net \
--cc=jmorris@namei.org \
--cc=kaber@trash.net \
--cc=kuznet@ms2.inr.ac.ru \
--cc=netdev@vger.kernel.org \
--cc=yoshfuji@linux-ipv6.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.