Query on usage of multicast as source IPv6 address

Message ID 4EB88FCC.9000509@hp.com
State RFC, archived
Delegated to: David Miller

Commit Message

Brian Haley Nov. 8, 2011, 2:11 a.m. UTC
On 11/07/2011 03:45 PM, Kumar Sanghvi wrote:
> Hi,
> 
> I am trying to understand IPv6 behavior in Linux.
> And I have a doubt related to use of multicast address
> as source address.
> 
> RFC 4291 in Section 2.7 states that:
> "Multicast addresses must not be used as source addresses
>  in IPv6 packets or appear in any Routing header."
> 
> However, what should be the behavior if a host receives a
> packet (probably from a malicious host with pktgen abilities)
> having a multicast address in source address field:
> 1) Should the receiving host discard the packet?

I believe other *nixes silently drop it, can you try this patch?

-Brian


--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Comments

Kumar Sanghvi Nov. 8, 2011, 4:35 a.m. UTC | #1
Hi Brian,

On Mon, Nov 07, 2011 at 21:11:24 -0500, Brian Haley wrote:
> On 11/07/2011 03:45 PM, Kumar Sanghvi wrote:
> > Hi,
> > 
> > I am trying to understand IPv6 behavior in Linux.
> > And I have a doubt related to use of multicast address
> > as source address.
> > 
> > RFC 4291 in Section 2.7 states that:
> > "Multicast addresses must not be used as source addresses
> >  in IPv6 packets or appear in any Routing header."
> > 
> > However, what should be the behavior if a host receives a
> > packet (probably from a malicious host with pktgen abilities)
> > having a multicast address in source address field:
> > 1) Should the receiving host discard the packet?
> 
> I believe other *nixes silently drop it, can you try this patch?
> 
> -Brian
> 
> diff --git a/net/ipv6/ip6_input.c b/net/ipv6/ip6_input.c
> index 027c7ff..a46c64e 100644
> --- a/net/ipv6/ip6_input.c
> +++ b/net/ipv6/ip6_input.c
> @@ -111,6 +111,14 @@ int ipv6_rcv(struct sk_buff *skb, struct net_device *dev,
> struct packet_type *pt
>  	    ipv6_addr_loopback(&hdr->daddr))
>  		goto err;
> 
> +	/*
> +	 * RFC4291 2.7
> +	 * Multicast addresses must not be used as source addresses in IPv6
> +	 * packets or appear in any Routing header.
> +	 */
> +	if (ipv6_addr_is_multicast(&hdr->saddr))
> +		goto err;
> +
>  	skb->transport_header = skb->network_header + sizeof(*hdr);
>  	IP6CB(skb)->nhoff = offsetof(struct ipv6hdr, nexthdr);
>
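
Review bot: The comment added above the `ipv6_addr_is_multicast(&hdr->saddr)` test quotes the full RFC 4291 2.7 sentence, including "or appear in any Routing header", but the check that follows only looks at the source address field. Either trim the comment to the source-address clause or state that Routing header contents are not validated at this point, so a later reader does not assume both halves of the rule are enforced here.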

Tested this patch on 3.1 kernel.
The patch works fine and now, Linux no longer sends a response
to multicast address.
Thanks Brian for the patch!

Reported-and-Tested-by: Kumar Sanghvi <divinekumar@gmail.com>


Thanks,
Kumar. 

Patch

diff --git a/net/ipv6/ip6_input.c b/net/ipv6/ip6_input.c
index 027c7ff..a46c64e 100644
--- a/net/ipv6/ip6_input.c
+++ b/net/ipv6/ip6_input.c
@@ -111,6 +111,14 @@  int ipv6_rcv(struct sk_buff *skb, struct net_device *dev,
struct packet_type *pt
 	    ipv6_addr_loopback(&hdr->daddr))
 		goto err;

+	/*
+	 * RFC4291 2.7
+	 * Multicast addresses must not be used as source addresses in IPv6
+	 * packets or appear in any Routing header.
+	 */
+	if (ipv6_addr_is_multicast(&hdr->saddr))
+		goto err;
+
 	skb->transport_header = skb->network_header + sizeof(*hdr);
 	IP6CB(skb)->nhoff = offsetof(struct ipv6hdr, nexthdr);
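
Review bot: The new `goto err` for a multicast `hdr->saddr` shares its exit path with the loopback check just above it, and the hunk does not show what the `err` label accounts for. The thread expects such packets to come from a malicious host, so the changelog should confirm that the drop is counted in a statistic an operator can see rather than vanishing without trace. The posting also carries no changelog text or Signed-off-by line of its own, which it will need before it can be applied.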