IPv6 duplicate address detection
Bruce Simpson
bms at incunabulum.net
Thu May 7 14:41:26 UTC 2009
Bob Van Zant wrote:
> Well that goes all the way back to my first email :-)
>
> "An alternative view on this is that I shouldn't be sending out any packets,
> especially unsolicited NAs, using or referencing a tentative address."
>
> This makes sense. I'll stop doing bad things now :-) Thanks for your input
> and clearing this up for me.
>
OK, I'm very glad Jinmei-san has chewed over the specifics of how this
might break DAD as specified.
All the same, you did find a condition in the kernel where
locally-originated traffic is being interpreted as being on-wire. Ok,
SOCK_RAW is going to raise the bar on malefeasant use of this behaviour,
but all the same, this is an input checking issue :-)
It would be great if you could go ahead and raise a PR about this
condition -- the MLDv2 code in HEAD will also be affected by this, as it
does an IPv6 group membership check on the icmp6 input path.
Strictly speaking it should come from ip6_mloopback(), but right now I
can't remember if that will set any mbuf flags; I do believe it sets
m->m_pkthdr.recvif to loif and that might be the only coherent way to
detect the looped back traffic w/o doing an address lookup.
cheers,
BMS
More information about the freebsd-net
mailing list