Bug 98915 - IPv6 issue: unnecessary IPv6 redirect packet transfer
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: kernel
i386 Linux
medium Severity medium
Assigned To: David Miller
Brian Brock
Reported: 2003-07-10 06:57 EDT by Fuchi Hideshi
Modified: 2015-04-19 20:43 EDT (History)
Doc Type: Bug Fix
Last Closed: 2005-10-05 20:47:07 EDT
Description Fuchi Hideshi 2003-07-10 06:57:24 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 Galeon/1.2.7 (X11; Linux i686; U;) Gecko/20030131

Description of problem:
Taroon-A4 kernel doesn't fill the following requirements for RFC2461.

8.1.  Validation of Redirect Messages

   A host MUST silently discard any received Redirect message that does
   not satisfy all of the following validity checks:

   - The IP source address of the Redirect is the same as the current
     first-hop router for the specified ICMP Destination Address.

Additional info:

This patch is from Fujitsu.

--- net/ipv6/ndisc.c.org 2003-06-18 03:34:00.000000000 +0900
+++ net/ipv6/ndisc.c 2003-06-30 15:51:32.000000000 +0900
@@ -1166,6 +1166,7 @@
 struct in6_addr *dest;
 struct in6_addr *target; /* new first hop to destination */
 struct neighbour *neigh;
+ struct rt6_info *rt6;
 int on_link = 0;
 struct ndisc_options ndopts;
 int optlen;
@@ -1205,6 +1206,20 @@

+ rt6 = rt6_lookup(dest, NULL, skb->dev->ifindex, 1);
+ if (!rt6) {
+ if (net_ratelimit())
+ printk(KERN_WARNING "ICMP redirect: "
+   "no route found for redirect dst\n");
+ return;
+ } else if (ipv6_addr_cmp(&skb->nh.ipv6h->saddr, &rt6->rt6i_gateway) != 0) {
+ if (net_ratelimit())
+ printk(KERN_WARNING "ICMP redirect: "
+ "not equal to gw-for-src (must be same)\n");
+ dst_release(&rt6->u.dst);
+ return;
+ }
 in6_dev = in6_dev_get(skb->dev);
 if (!in6_dev)
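
Review bot: the match path in this hunk never drops the reference returned by rt6_lookup(). dst_release(&rt6->u.dst) is called only in the mismatch branch, so when the Redirect's source equals rt6->rt6i_gateway, execution falls through to in6_dev_get() with rt6 still held, and the `if (!in6_dev)` exit that follows inherits the same leak. Release the route as soon as the comparison is done, for example by storing the result of ipv6_addr_cmp() in a local, calling dst_release(&rt6->u.dst), and only then testing the local. The two warnings would also be easier to act on if they named the failed check in the RFC's terms, such as "source is not the current first hop for the destination" in place of "not equal to gw-for-src".
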
Comment 1 Rik van Riel 2003-07-10 08:50:14 EDT
Fuchi, thank you for this ipv6 patch.

Dave, could you please check that this patch looks OK?

Jens, could you please test this patch with your TAHI setup?

Comment 2 David Miller 2003-07-10 16:51:28 EDT
I would much prefer that these patches go to the USAGI people
and get discussed on the public lists than to rot here in our
bugzilla entries.

Once USAGI and the lists approve a patch, it goes into our
tree automatically, so this is the best course of action for
such things.
Comment 3 David Miller 2003-07-10 20:50:44 EDT
This patch is buggy, it leaks the 'rt6' on the non-error
code path.

Once this bug is fixed, please post the final version via
the proper channels which is to linux-net@vger.kernel.org
and CC:'ing Yoshfuji Hideaki of USAGI project (yoshfuji@linux-ipv6.org)

Thank you.
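
A user-space model of the RFC 2461 section 8.1 source check quoted in the description, written so that the route reference is dropped on the match path as well, which is the leak comment 3 points out. This is an added example, not the kernel's code and not the patch from this bug; `route_get`, `route_put`, `redirect_source_valid`, the table and the addresses are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Constructed user-space model: every name is hypothetical, none is a kernel API. */
struct addr6 { unsigned char b[16]; };
struct route {
    struct addr6 dst, gateway; /* destination and its current first-hop router */
    int refcnt;                /* references currently held by callers */
};
static struct route table[4];
static size_t table_len;

/* Returns a held reference; the caller must drop it with route_put(). */
static struct route *route_get(const struct addr6 *dst)
{
    for (size_t i = 0; i < table_len; i++)
        if (memcmp(&table[i].dst, dst, sizeof *dst) == 0) {
            table[i].refcnt++;
            return &table[i];
        }
    return NULL;
}

static void route_put(struct route *rt) { rt->refcnt--; }

/* RFC 2461 8.1 source check: 1 = keep processing, 0 = silently discard. */
static int redirect_source_valid(const struct addr6 *src, const struct addr6 *icmp_dst)
{
    struct route *rt = route_get(icmp_dst);
    int ok;

    if (!rt)
        return 0;              /* no route, so no reference to drop */
    ok = memcmp(src, &rt->gateway, sizeof *src) == 0;
    route_put(rt);             /* dropped on the match path as well */
    return ok;
}

int main(void)
{
    /* Constructed sample addresses. */
    struct addr6 dst = {{0x20, 0x01, 0x0d, 0xb8, [15] = 0x10}};
    struct addr6 gw = {{0xfe, 0x80, [15] = 0x01}}, rogue = {{0xfe, 0x80, [15] = 0x02}};
    int from_gw, from_rogue;

    table[0].dst = dst; table[0].gateway = gw; table_len = 1;
    from_gw = redirect_source_valid(&gw, &dst);
    from_rogue = redirect_source_valid(&rogue, &dst);
    printf("gateway=%d rogue=%d refs=%d\n", from_gw, from_rogue, table[0].refcnt);
    return 0;
}
```
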
Comment 4 David Miller 2003-07-11 00:01:27 EDT
I'm closing this, the correct tests are made by net/ipv6/route.c:rt6_redirect()

Whoever is creating these patches is not testing or verifying the
things they are finding, they are looking at code and guessing
how it works or what it does and making patches based upon those

I see this happen often when people get into an "RFC mania" mode
about fixing bugs.

Comment 7 David Miller 2005-10-05 19:16:40 EDT
I think it is not appropriate to merge in a fix for something which is
purely a standards compliance issue, so late in the RHEL3 release cycle.

If a customer has a real problem they were hitting due to this bug,
that would be a different issue.  This bug is purely being reported
because of a failure during the TAHI ipv6 compliance tests, and I do not
consider that a strong enough basis for inclusion this late in the product
life cycle.

We really need to draw the line somewhere.
Comment 8 Ernie Petrides 2005-10-05 20:47:07 EDT
Closing as WONTFIX in light of last comment.
