Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Mon, 21 Jan 2013 18:02:46 +0530 (IST)
From: P J P <>
Subject: Re: Linux kernel handling of IPv6 temporary

+-- On Sun, 20 Jan 2013, George Kargiotakis wrote --+
| Yes and no. When flooding finishes everything still works ok,
| temp. addresses haven't been disabled, but when the preferred timer
| of the temp. address of the original acquired prefix expires, the kernel
| won't be able to acquire a new temporary address because the interface
| is already full with 16 addresses from flooding. An already acquired
| address only gets removed when it's validity timer expires. So, the
| host will be left using the global non-temp address acquired by slaac
| until another 'slot' (from the default 16) becomes free/expires.
| Summarizing, one is still able to remotely, inside a LAN, cause
| problems to another host, that is make it lose it's temp. address
| functionality at least for some time.

  Ah right. I just wanted to confirm if it makes sense to push that patch 
upstream. I think we'll defer it for now.

Thanks so much.
Prasad J Pandit / Red Hat Security Response Team
DB7A 84C5 D3F9 7CD1 B5EB  C939 D048 7860 3655 602B

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ