Date: Thu, 17 Jan 2013 17:21:33 +0530 (IST) From: P J P <ppandit@...hat.com> To: oss-security@...ts.openwall.com cc: kargig@...d.gr Subject: Re: Linux kernel handling of IPv6 temporary addresses +-- On Wed, 16 Jan 2013, George Kargiotakis wrote --+ | valid_lft 131007sec preferred_lft 65471sec | inet6 fd00:966b:7196:c731:222:aaff:fecc:1111/64 scope global tentative dynamic | valid_lft 131007sec preferred_lft 65471sec | | what I also find wrong here is that all temporary addresses (dynamic) | acquired have gotten the same last 64bits. I don't think this is OK per RFC | 4941 even if not explicitly defined there. Every temp. address created | should be different per prefix from the rest. True, the last few bits of the addresses are same as the IPv6 address of the host, with scope::global, but no tentative dynamic bits set. Plus network becomes unreachable till I reboot the host. | use_tempaddr for the iface still has '2' as its value | # cat /proc/sys/net/ipv6/conf/eth0/use_tempaddr | 2 This value is always 0, before ifconfig eth0 down and after ifconfig eth0 up. Thank you. -- Prasad J Pandit / Red Hat Security Response Team DB7A 84C5 D3F9 7CD1 B5EB C939 D048 7860 3655 602B
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.