[PATCH] IPv6: ipv6_addr_type() doesn't know about RFC4193 addresses

[PATCH] IPv6: ipv6_addr_type() doesn't know about RFC4193 addresses

[Dave Johnson]

ipv6_addr_type() doesn't check for 'Unique Local IPv6 Unicast
Addresses' (RFC4193) and returns IPV6_ADDR_RESERVED for that range.

SCTP uses this function and will fail bind() and connect() calls that
use RFC4193 addresses, SCTP will also ignore inbound connections from
RFC4193 addresses if listening on IPV6_ADDR_ANY.

There may be other users of ipv6_addr_type() that could also have
problems.

Signed-off-by: Dave Johnson <djohnson+linux-kernel@sw.starentnetworks.com>
Cc: Srinivas Akkipeddi <sakkiped@starentnetworks.com>

===== net/ipv6/addrconf_core.c 1.2 vs edited =====
--- 1.2/net/ipv6/addrconf_core.c	2007-02-26 14:42:57 -05:00
+++ edited/net/ipv6/addrconf_core.c	2007-07-25 15:21:41 -04:00
@@ -50,6 +50,9 @@
 	if ((st & htonl(0xFFC00000)) == htonl(0xFEC00000))
 		return (IPV6_ADDR_SITELOCAL | IPV6_ADDR_UNICAST |
 			IPV6_ADDR_SCOPE_TYPE(IPV6_ADDR_SCOPE_SITELOCAL));		/* addr-select 3.1 */
+	if ((st & htonl(0xFE000000)) == htonl(0xFC000000))
+		return (IPV6_ADDR_UNICAST |
+			IPV6_ADDR_SCOPE_TYPE(IPV6_ADDR_SCOPE_GLOBAL));			/* RFC 4193 */
 
 	if ((addr->s6_addr32[0] | addr->s6_addr32[1]) == 0) {
 		if (addr->s6_addr32[2] == 0) {

Re: [PATCH] IPv6: ipv6_addr_type() doesn't know about RFC4193 addresses

[David Miller]

From: Dave Johnson <djohnson+linux-kernel@sw.starentnetworks.com>
Date: Wed, 25 Jul 2007 19:49:09 -0400

> 
> ipv6_addr_type() doesn't check for 'Unique Local IPv6 Unicast
> Addresses' (RFC4193) and returns IPV6_ADDR_RESERVED for that range.
> 
> SCTP uses this function and will fail bind() and connect() calls that
> use RFC4193 addresses, SCTP will also ignore inbound connections from
> RFC4193 addresses if listening on IPV6_ADDR_ANY.
> 
> There may be other users of ipv6_addr_type() that could also have
> problems.

Contrarily, there may be ipv6_addr_type() call sites that really
do want to reject rfc4193 addresses.

Re: [PATCH] IPv6: ipv6_addr_type() doesn't know about RFC4193 addresses

[Dave Johnson]

David Miller writes:
> Contrarily, there may be ipv6_addr_type() call sites that really
> do want to reject rfc4193 addresses.

A quick look through the callers and only these functions should be
effected, they check either RESERVED or UNICAST from ipv6_addr_type():

net/ipv6/addrconf.c:                ipv6_dev_get_saddr()
net/ipv6/exthdrs.c:                 ipv6_dest_hao()   
net/ipv6/ip6_tunnel.c:              ip6_tnl_set_cap()
net/ipv6/netfilter/ip6t_REJECT.c:   send_reset()
net/ipv6/route.c:                   ip6_route_add()
net/ipv6/route.c:                   ip6_pkt_drop()
net/sctp/ipv6.c:                    sctp_v6_available()
net/sctp/ipv6.c:                    sctp_v6_addr_valid()

-- 
Dave Johnson
Starent Networks

Re: [PATCH] IPv6: ipv6_addr_type() doesn't know about RFC4193 addresses

[Simon Arlott]

On 26/07/07 00:49, Dave Johnson wrote:
> ipv6_addr_type() doesn't check for 'Unique Local IPv6 Unicast
> Addresses' (RFC4193) and returns IPV6_ADDR_RESERVED for that range.

> +	if ((st & htonl(0xFE000000)) == htonl(0xFC000000))
> +		return (IPV6_ADDR_UNICAST |
> +			IPV6_ADDR_SCOPE_TYPE(IPV6_ADDR_SCOPE_GLOBAL));			/* RFC 4193 */

But ULA's scope isn't global, shouldn't it be IPV6_ADDR_SCOPE_ORGLOCAL ?

-- 
Simon Arlott

Re: [Lksctp-developers] [PATCH] IPv6: ipv6_addr_type() doesn't know about RFC4193 addresses

[Vlad Yasevich]

Dave Johnson wrote:
> David Miller writes:
>> Contrarily, there may be ipv6_addr_type() call sites that really
>> do want to reject rfc4193 addresses.
> 
> A quick look through the callers and only these functions should be
> effected, they check either RESERVED or UNICAST from ipv6_addr_type():
> 
> net/ipv6/addrconf.c:                ipv6_dev_get_saddr()
> net/ipv6/exthdrs.c:                 ipv6_dest_hao()   
> net/ipv6/ip6_tunnel.c:              ip6_tnl_set_cap()
> net/ipv6/netfilter/ip6t_REJECT.c:   send_reset()
> net/ipv6/route.c:                   ip6_route_add()
> net/ipv6/route.c:                   ip6_pkt_drop()
> net/sctp/ipv6.c:                    sctp_v6_available()
> net/sctp/ipv6.c:                    sctp_v6_addr_valid()
> 

Well, it's not just for SCTP.  ULA address are considered of Global scope.
See this message
	http://marc.info/?l=linux-netdev&m=118492205915816&w=2

-vlad

Re: [PATCH] IPv6: ipv6_addr_type() doesn't know about RFC4193 addresses

[Dave Johnson]

Simon Arlott writes:
> But ULA's scope isn't global, shouldn't it be IPV6_ADDR_SCOPE_ORGLOCAL ?

Isn't ORGLOCAL defined for multicast only?

rfc4193 section 3.3 says:

> 3.3. Scope Definition
>    By default, the scope of these addresses is global.  That is, they
>    are not limited by ambiguity like the site-local addresses defined in
>    [ADDARCH]. 


-- 
Dave Johnson
Starent Networks

Re: [PATCH] IPv6: ipv6_addr_type() doesn't know about RFC4193 addresses

[Rémi Denis-Courmont]

On Thursday 26 July 2007 20:21:59 Simon Arlott wrote:
> On 26/07/07 00:49, Dave Johnson wrote:
> > ipv6_addr_type() doesn't check for 'Unique Local IPv6 Unicast
> > Addresses' (RFC4193) and returns IPV6_ADDR_RESERVED for that range.
> >
> > +	if ((st & htonl(0xFE000000)) == htonl(0xFC000000))
> > +		return (IPV6_ADDR_UNICAST |
> > +			IPV6_ADDR_SCOPE_TYPE(IPV6_ADDR_SCOPE_GLOBAL));			/* RFC 4193 */
>
> But ULA's scope isn't global, shouldn't it be IPV6_ADDR_SCOPE_ORGLOCAL ?

Yes it is - global.

-- 
Rémi Denis-Courmont

Re: [Lksctp-developers] [PATCH] IPv6: ipv6_addr_type() doesn't know about RFC4193 addresses

[Vlad Yasevich]

Dave Johnson wrote:
> Simon Arlott writes:
>> But ULA's scope isn't global, shouldn't it be IPV6_ADDR_SCOPE_ORGLOCAL ?
> 
> Isn't ORGLOCAL defined for multicast only?

Yes, it's only for multicast.  Unicast addresses only have
2 scopes any more: Global and Link-Local.

-vlad

> 
> rfc4193 section 3.3 says:
> 
>> 3.3. Scope Definition
>>    By default, the scope of these addresses is global.  That is, they
>>    are not limited by ambiguity like the site-local addresses defined in
>>    [ADDARCH]. 
> 
> 

Re: [PATCH] IPv6: ipv6_addr_type() doesn't know about RFC4193 addresses

[YOSHIFUJI Hideaki / 吉藤英明]

Hello.

In article <18087.57717.495366.413571@zeus.sw.starentnetworks.com> (at Wed, 25 Jul 2007 19:49:09 -0400), Dave Johnson <djohnson+linux-kernel@sw.starentnetworks.com> says:

> ipv6_addr_type() doesn't check for 'Unique Local IPv6 Unicast
> Addresses' (RFC4193) and returns IPV6_ADDR_RESERVED for that range.

Acked-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>

I would say, it would be better to add IPV6_ADDR_UNICAST as well
for "reserved" addresses unless we have good reason not to do it,
anyway.

-- 
YOSHIFUJI Hideaki @ USAGI Project  <yoshfuji@linux-ipv6.org>
GPG-FP  : 9022 65EB 1ECF 3AD1 0BDF  80D8 4807 F894 E062 0EEA

Re: [PATCH] IPv6: ipv6_addr_type() doesn't know about RFC4193 addresses

[YOSHIFUJI Hideaki / 吉藤英明]

In article <20070725.171203.102545287.davem@davemloft.net> (at Wed, 25 Jul 2007 17:12:03 -0700 (PDT)), David Miller <davem@davemloft.net> says:

> Contrarily, there may be ipv6_addr_type() call sites that really
> do want to reject rfc4193 addresses.

I do not think we have such users.

--yoshfuji

Re: [PATCH] IPv6: ipv6_addr_type() doesn't know about RFC4193 addresses

[David Miller]

From: YOSHIFUJI Hideaki / 吉藤英明 <yoshfuji@linux-ipv6.org>
Date: Thu, 26 Jul 2007 13:34:52 -0500 (CDT)

> In article <18087.57717.495366.413571@zeus.sw.starentnetworks.com> (at Wed, 25 Jul 2007 19:49:09 -0400), Dave Johnson <djohnson+linux-kernel@sw.starentnetworks.com> says:
> 
> > ipv6_addr_type() doesn't check for 'Unique Local IPv6 Unicast
> > Addresses' (RFC4193) and returns IPV6_ADDR_RESERVED for that range.
> 
> Acked-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>

Ok, I've applied Dave's patch.

Dave, although it's customary and fine to use "+foo-list" email
addresses for mailing list subscriptions and discussions, I
ask that you don't add that cookie to your signoff lines in
patch submissions and I've removed it from your's in this patch.

Thanks a lot.