mailing list archives
Re: Linux kernel handling of IPv6 temporary addresses
From: P J P <ppandit () redhat com>
Date: Mon, 21 Jan 2013 18:02:46 +0530 (IST)
+-- On Sun, 20 Jan 2013, George Kargiotakis wrote --+
| Yes and no. When flooding finishes everything still works ok,
| temp. addresses haven't been disabled, but when the preferred timer
| of the temp. address of the original acquired prefix expires, the kernel
| won't be able to acquire a new temporary address because the interface
| is already full with 16 addresses from flooding. An already acquired
| address only gets removed when it's validity timer expires. So, the
| host will be left using the global non-temp address acquired by slaac
| until another 'slot' (from the default 16) becomes free/expires.
| Summarizing, one is still able to remotely, inside a LAN, cause
| problems to another host, that is make it lose it's temp. address
| functionality at least for some time.
Ah right. I just wanted to confirm if it makes sense to push that patch
upstream. I think we'll defer it for now.
Thanks so much.
Prasad J Pandit / Red Hat Security Response Team
DB7A 84C5 D3F9 7CD1 B5EB C939 D048 7860 3655 602B
Re: Linux kernel handling of IPv6 temporary addresses Kurt Seifried (Feb 22)