10/17/2011
Wakoond
Mobile IPv6 implementation in Linux is using different metric values for each Care-of Addresses, when creates or modifies default routes. This cause, that all of the packets are goes out on the interface which has lower metric value, independently from the tunnel interface. In practice it cause that the packets which are routed into ip6tnl2 are goes out on eth1, instead of the setup, which binds ip6tnl2 to eth2.
You could test it with the attached test script.
We found the following issue:
Here the iteration goes until the metric is equal to the specified one. If you look the calling environment, you should see, that this metric value is the metric of the first route info entry:
We have two totally same route entries, where only the interfaces and the metric values are different:
default via fe80::20c:29ff:fe3b:4d16 dev eth1 proto ra metric 1023 mtu 1500 advmss 1440 hoplimit 0
default via fe80::20c:29ff:fe3b:4d20 dev eth2 proto ra metric 1053 mtu 1500 advmss 1440 hoplimit 0
In this case, the above loop, will call find_match only once, for eth1. If it happens, the find_match funcin, couldn't find eth2, which belongs to ip6tnl2, and returns with eth1.
The attached patch, introduces a new route lookup flag: RT6_LOOKUP_F_IP6TUNNEL. It is passed step-by-step to find_rr_leaf, and it will ignore the metric condition in the loop, if this flag has been enabled.
The ip6ip6-metric-fix.patch contains the fix for 2.6.35.14. We had to edit the definition of ip6_route_output, and the ip6ip6-metric-stuff.patch contains the modification of calling this at any other occurrences.
skip to main |
skip to sidebar
Posted in: Categories
announcement
asana
atmega8
atotools
c
code
dashboard
debug
demo
development
dissector
examination
fix
flow binding
fmipv6
fonera
geonetworking
ghaha
git
harp
hmipv6
howto
ipsec
ipv6
issue
kernel
l2tp
linux
luci
mac
make
mcoa
mipv6
nemo
note
openssl
openwrt
os x
policy routing
pthread
python
rtnl
subversion
svn
test
tutorial
ubuntu
uci
valgrind
video
vpn
widget
wireshark
Blog Archive
Popular Posts
-
How to clone a git repository over client certificate authenticated https protocol. This guide sets the local git configuration instead of...
-
I would like to setup a VPN server for my home NAS. I would like to connect to it from my MacBook and my Android phone out-of-box. I have d...
-
The following HOWTO introduces the building of UCI (Unified Configuration Interface) on Ubuntu.
Copyright
Copyright (c) 2012 András Takács. Powered by Blogger.
1 comments:
Security testing is must. Everybody wants security at every level of his working. as explained above failures are happened but if we test time to time then it will improve. So it depend on us how much we are serious about this.
Physical Layer Security in Wireless Sensor Networks Using Distributed Co Phasing Project For CSE
Presentation Attack Detection Using a Tiny Fully Convolutional Network Project For CSE
Private Information Retrieval From a Cellular Network With Caching at the Edge Project For CSE
Robust Copy move Detection of Speech Recording Using Similarities of Pitch and Formant Project For CSE
Secrecy Energy Efficiency for MIMO Single and Multi Cell Down link Transmission with Confidential Messages Project For CSE
Secure Approximate String Matching for Privacy preserving Record Linkage Project For CSE
Secure Communication in Relay Assisted Massive MIMO Downlink With Active Pilot Attacks Project For CSE
Post a Comment