From: Mark Huth <mhuth@mvista.com>
To: netdev@oss.sgi.com
Subject: tcp_ipv6_check_established
Date: Tue, 11 May 2004 16:37:08 -0700 [thread overview]
Message-ID: <40A163A4.8050905@mvista.com> (raw)
[-- Attachment #1: Type: text/plain, Size: 1449 bytes --]
There appears to be a long-standing bug in tcp_ipv6_check_established
that results in the return of EADDRNOTAVAILABLE from connect(). It can
be demonstrated in the following scenario:
The following scenario fails in most known ipv6 linuxes
All within a single node.
Host has two IPv6 addresses:
dead:dead:dead:dead::1/128
dead:dead:dead:dead::2/128
Application A creates two listening sockets:
dead:dead:dead:dead::1 49997
dead:dead:dead:dead::2 49997
Application B creates a TCP-connection:
from dead:dead:dead:dead::1 49998 to dead:dead:dead:dead::2 49997
Application C creates a TCP-connection:
from dead:dead:dead:dead::2 49998 to dead:dead:dead:dead::1 49997
However, the latter operation fails, and connect() returns
EADDRNOTAVAILABLE. Meaning that the host already has such a connection and
the new one cannot be created. Clearly there is no identical connection
used (different ports), thus connect() misbehaves.
All sockets use SO_REUSEADDR-option, and all sockets bind() their source
address and source ports before the attempted connect().
While the above may be somewhat contrived, the code is wrong by inspection.
The check for the established connections interates on sk2, while the macro
argument for TCP_IPV6_MATCH is sk. Thus the check result is invarient over the loop.
A proposed patch for 2.6.6 is attached. A similar patch is required for 2.4 kernels, and is
also attached.
Mark Huth
[-- Attachment #2: tcp_ipv6_check_est-2.6.6.patch --]
[-- Type: application/octet-stream, Size: 456 bytes --]
diff -ur linux-2.6.6/net/ipv6/tcp_ipv6.c linux-2.6.6-patch/net/ipv6/tcp_ipv6.c
--- linux-2.6.6/net/ipv6/tcp_ipv6.c 2004-05-09 19:32:38.000000000 -0700
+++ linux-2.6.6-patch/net/ipv6/tcp_ipv6.c 2004-05-11 11:19:24.000000000 -0700
@@ -479,7 +479,7 @@
/* And established part... */
sk_for_each(sk2, node, &head->chain) {
- if(TCP_IPV6_MATCH(sk, saddr, daddr, ports, dif))
+ if(TCP_IPV6_MATCH(sk2, saddr, daddr, ports, dif))
goto not_unique;
}
[-- Attachment #3: tcp_ipv6_check_est-2.4.20.patch --]
[-- Type: application/octet-stream, Size: 450 bytes --]
diff -ur --exclude CVS linux/net/ipv6/tcp_ipv6.c linux_patch/net/ipv6/tcp_ipv6.c
--- linux/net/ipv6/tcp_ipv6.c 2003-10-02 12:03:53.000000000 -0700
+++ linux_patch/net/ipv6/tcp_ipv6.c 2004-05-10 18:00:14.000000000 -0700
@@ -454,7 +454,7 @@
tw = NULL;
for(skp = &head->chain; (sk2=*skp)!=NULL; skp = &sk2->next) {
- if(TCP_IPV6_MATCH(sk, saddr, daddr, ports, dif))
+ if(TCP_IPV6_MATCH(sk2, saddr, daddr, ports, dif))
goto not_unique;
}
next reply other threads:[~2004-05-11 23:37 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2004-05-11 23:37 Mark Huth [this message]
2004-05-18 7:22 ` tcp_ipv6_check_established YOSHIFUJI Hideaki / 吉藤英明
2004-05-20 6:29 ` tcp_ipv6_check_established David S. Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=40A163A4.8050905@mvista.com \
--to=mhuth@mvista.com \
--cc=netdev@oss.sgi.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).