Home page logo

oss-sec logo oss-sec mailing list archives

Re: Linux kernel handling of IPv6 temporary addresses
From: P J P <ppandit () redhat com>
Date: Thu, 17 Jan 2013 17:21:33 +0530 (IST)

+-- On Wed, 16 Jan 2013, George Kargiotakis wrote --+
|        valid_lft 131007sec preferred_lft 65471sec
|  inet6 fd00:966b:7196:c731:222:aaff:fecc:1111/64 scope global tentative dynamic 
|        valid_lft 131007sec preferred_lft 65471sec
| what I also find wrong here is that all temporary addresses (dynamic) 
| acquired have gotten the same last 64bits. I don't think this is OK per RFC 
| 4941 even if not explicitly defined there. Every temp. address created 
| should be different per prefix from the rest.

   True, the last few bits of the addresses are same as the IPv6 address of 
the host, with scope::global, but no tentative dynamic bits set. Plus network 
becomes unreachable till I reboot the host.

| use_tempaddr for the iface still has '2' as its value
| # cat /proc/sys/net/ipv6/conf/eth0/use_tempaddr 
| 2

   This value is always 0, before ifconfig eth0 down and after ifconfig eth0 

Thank you.
Prasad J Pandit / Red Hat Security Response Team
DB7A 84C5 D3F9 7CD1 B5EB  C939 D048 7860 3655 602B

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]