Mobile IPv6 implementation in Linux is using different metric values for each Care-of Addresses, when creates or modifies default routes. This cause, that all of the packets are goes out on the interface which has lower metric value, independently from the tunnel interface. In practice it cause that the packets which are routed into ip6tnl2 are goes out on eth1, instead of the setup, which binds ip6tnl2 to eth2.
You could test it with the attached test script.
We found the following issue:
Here the iteration goes until the metric is equal to the specified one. If you look the calling environment, you should see, that this metric value is the metric of the first route info entry:
We have two totally same route entries, where only the interfaces and the metric values are different:
default via fe80::20c:29ff:fe3b:4d16 dev eth1 proto ra metric 1023 mtu 1500 advmss 1440 hoplimit 0
default via fe80::20c:29ff:fe3b:4d20 dev eth2 proto ra metric 1053 mtu 1500 advmss 1440 hoplimit 0
In this case, the above loop, will call find_match only once, for eth1. If it happens, the find_match funcin, couldn't find eth2, which belongs to ip6tnl2, and returns with eth1.
The attached patch, introduces a new route lookup flag: RT6_LOOKUP_F_IP6TUNNEL. It is passed step-by-step to find_rr_leaf, and it will ignore the metric condition in the loop, if this flag has been enabled.
The ip6ip6-metric-fix.patch contains the fix for 2.6.35.14. We had to edit the definition of ip6_route_output, and the ip6ip6-metric-stuff.patch contains the modification of calling this at any other occurrences.
1 comments:
Security testing is must. Everybody wants security at every level of his working. as explained above failures are happened but if we test time to time then it will improve. So it depend on us how much we are serious about this.
Physical Layer Security in Wireless Sensor Networks Using Distributed Co Phasing Project For CSE
Presentation Attack Detection Using a Tiny Fully Convolutional Network Project For CSE
Private Information Retrieval From a Cellular Network With Caching at the Edge Project For CSE
Robust Copy move Detection of Speech Recording Using Similarities of Pitch and Formant Project For CSE
Secrecy Energy Efficiency for MIMO Single and Multi Cell Down link Transmission with Confidential Messages Project For CSE
Secure Approximate String Matching for Privacy preserving Record Linkage Project For CSE
Secure Communication in Relay Assisted Massive MIMO Downlink With Active Pilot Attacks Project For CSE
Post a Comment