Date: Thu, 07 May 2009 15:41:19 +0100 From: Bruce Simpson <bms@incunabulum.net> To: Bob Van Zant <bob@veznat.com> Cc: =?ISO-2022-JP?B?SklOTUVJIFRhdHV5YSAvIBskQj9ATEBDIzpIGyhC?= <Jinmei_Tatuya@isc.org>, "freebsd-net@freebsd.org" <freebsd-net@freebsd.org> Subject: Re: IPv6 duplicate address detection Message-ID: <4A02F30F.5030704@incunabulum.net> In-Reply-To: <C627C703.8199C%bob@veznat.com> References: <C627C703.8199C%bob@veznat.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Bob Van Zant wrote: > Well that goes all the way back to my first email :-) > > "An alternative view on this is that I shouldn't be sending out any packets, > especially unsolicited NAs, using or referencing a tentative address." > > This makes sense. I'll stop doing bad things now :-) Thanks for your input > and clearing this up for me. > OK, I'm very glad Jinmei-san has chewed over the specifics of how this might break DAD as specified. All the same, you did find a condition in the kernel where locally-originated traffic is being interpreted as being on-wire. Ok, SOCK_RAW is going to raise the bar on malefeasant use of this behaviour, but all the same, this is an input checking issue :-) It would be great if you could go ahead and raise a PR about this condition -- the MLDv2 code in HEAD will also be affected by this, as it does an IPv6 group membership check on the icmp6 input path. Strictly speaking it should come from ip6_mloopback(), but right now I can't remember if that will set any mbuf flags; I do believe it sets m->m_pkthdr.recvif to loif and that might be the only coherent way to detect the looped back traffic w/o doing an address lookup. cheers, BMS
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4A02F30F.5030704>