[ofa-general] [PATCH] IB/IPoIB: Don't let a bad muticast address in the join list stop subsequent joins

Roland Dreier rdreier at cisco.com
Wed Jul 15 09:01:05 PDT 2009


 > I took your advice and sent a patch to bonding to fix the issue there to which I
 > am waiting for comment) but I still think the patch for IPoIB is still needed.
 > Without it, IPoIB is exposed to a DoS attack by a module (that looks like bonding but 
 > with malicious intentions) that sends IPoIB a garbage multicast address and stops it from
 > joining any other group for ever, even if it is a legal group.

If the attack vector is a malicous module, I'm not too worried about
it -- after all, a malicious module could just overwrite the IPoIB
module code with whatever it wants and break things that way.

Is there any way userspace can inject a bogus multicast address?

 - R.



More information about the general mailing list