Hi,
Attached are two patches against ~2.4.4 net/ipv6/ndisc.c. First is a real
patch, the second is just commentary based on top of the first one. It
documents a few MUST RFC-incompliances (feel free to check/fix! :-) I came
across in the whereabouts they could be dealt with. I'll continue
checking against that RFC in two weeks when I have more time.
The first patch:
1) move hop-limit 255 check to affect all ndisc messages
2) RA processing: source must be link-local. Based on thread:
IPv6: Incoming RA source-address may be non-link-local
3) all ndisc messages must have ICMP code 0
4) all ndisc messages must be of sane length (struct nd_router_solicit
etc. in glibc; the headers are out of date unfortunately)
5) NS processing: target address must not be multicast
All of these are MUST items in RFC2461.
6) two SHOULD items in advertising; discussion in thread:
IPv6: NS -> NA reply RFC2461 SHOULD considerations [patch]
7) net_ratelimit() all warning printk's in ndisc.c.
8) correct two typos in printk's.
Notes:
- I upped hlim 255 printk level from INFO to WARNING (INFO wasn't
otherwise used in this file anyway, the same level as others)
- Not sure if there should be some extra command for ROUTER_SOLICITATION
to properly discard the packet.
I've run these on two ~2.4.4 systems, host and router, without
apparent problems or new kernel warning messages. Feedback of course
always welcome.
Btw: for the record, the patch in:
[PATCH] (was Re: 2.4.4 & IPv6 oopses)
fixed the ipv6 oopses I was having.
--
Pekka Savola                 "Tell me of difficulties surmounted,
Netcore Oy                   not those you stumble over and fall"
Systems. Networks. Security.  -- Robert Jordan: A Crown of Swords
ndisc-rfc.patch
ndisc-comments.diff
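An added example, not part of the original post or the attached patch: a userspace C sketch of the receive-side checks in items 1-5 of the list above (hop limit 255, ICMP code 0, minimum length, link-local RA source, non-multicast NS target). All function, enum and array names are hypothetical, the sample packets are constructed, and the minimum lengths are taken from RFC 2461's message validation rules.

```c
#include <stddef.h>
#include <stdint.h>

/* Added illustration: every name here is hypothetical, not a kernel symbol. */
enum nd_verdict { ND_OK, ND_NOT_ND, ND_BAD_HLIM, ND_BAD_CODE, ND_BAD_LEN,
                  ND_RA_SRC_NOT_LL, ND_NS_TARGET_MCAST };

/* Link-local unicast is fe80::/10. */
static int is_link_local(const uint8_t a[16]) {
    return a[0] == 0xfe && (a[1] & 0xc0) == 0x80;
}

/* Minimum ICMPv6 length per ND type (RFC 2461 validation rules); 0 = not ND. */
static size_t nd_min_len(uint8_t type) {
    switch (type) {
    case 133: return 8;   /* Router Solicitation */
    case 134: return 16;  /* Router Advertisement */
    case 135: return 24;  /* Neighbor Solicitation */
    case 136: return 24;  /* Neighbor Advertisement */
    case 137: return 40;  /* Redirect */
    default:  return 0;
    }
}

/* src: IPv6 source address; icmp/len: ICMPv6 message starting at the type byte. */
enum nd_verdict nd_validate(const uint8_t src[16], uint8_t hop_limit,
                            const uint8_t *icmp, size_t len) {
    if (len < 2) return ND_BAD_LEN;              /* type and code must be present */
    size_t min = nd_min_len(icmp[0]);
    if (min == 0) return ND_NOT_ND;              /* some other ICMPv6 message */
    if (hop_limit != 255) return ND_BAD_HLIM;    /* item 1: applies to every ND type */
    if (icmp[1] != 0) return ND_BAD_CODE;        /* item 3 */
    if (len < min) return ND_BAD_LEN;            /* item 4 */
    if (icmp[0] == 134 && !is_link_local(src)) return ND_RA_SRC_NOT_LL;  /* item 2 */
    if (icmp[0] == 135 && icmp[8] == 0xff) return ND_NS_TARGET_MCAST;    /* item 5 */
    return ND_OK;
}

/* Constructed sample inputs (not captured traffic). */
static const uint8_t SRC_LL[16]     = {0xfe, 0x80, [15] = 1};
static const uint8_t SRC_GLOBAL[16] = {0x20, 0x01, 0x0d, 0xb8, [15] = 1};
static const uint8_t RA_MIN[16]     = {134, 0};
static const uint8_t RA_CODE1[16]   = {134, 1};
static const uint8_t NS_MCAST[24]   = {135, 0, [8] = 0xff, [9] = 0x02};
static const uint8_t NS_UCAST[24]   = {135, 0, [8] = 0xfe, [9] = 0x80, [23] = 2};
```

The hop-limit test runs before the per-type checks so that an off-link packet is rejected regardless of message type, which is the point of item 1.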