[ofa-general] [PATCH] IB/IPoIB: Don't let a bad muticast address in the join list stop subsequent joins
Jason Gunthorpe
jgunthorpe at obsidianresearch.com
Fri Jul 17 14:15:21 PDT 2009
On Wed, Jul 15, 2009 at 09:01:05AM -0700, Roland Dreier wrote:
>
> > I took your advice and sent a patch to bonding to fix the issue there to which I
> > am waiting for comment) but I still think the patch for IPoIB is still needed.
> > Without it, IPoIB is exposed to a DoS attack by a module (that looks like bonding but
> > with malicious intentions) that sends IPoIB a garbage multicast address and stops it from
> > joining any other group for ever, even if it is a legal group.
>
> If the attack vector is a malicous module, I'm not too worried about
> it -- after all, a malicious module could just overwrite the IPoIB
> module code with whatever it wants and break things that way.
>
> Is there any way userspace can inject a bogus multicast address?
Can you do it with netlink?
ip maddr add address ... dev ib0
Jason
More information about the general
mailing list