From aaae7109d23cc9a97aea27efcf6f541a594eddf4 Mon Sep 17 00:00:00 2001 From: Ghanan Gowripalan Date: Fri, 28 Aug 2020 14:37:53 -0700 Subject: Don't bind loopback to all IPs in an IPv6 subnet An earlier change considered the loopback bound to all addresses in an assigned subnet. This should have only be done for IPv4 to maintain compatability with Linux: ``` $ ip addr show dev lo 1: lo: mtu 65536 qdisc noqueue state UNKNOWN group ... link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever $ ping 2001:db8::1 PING 2001:db8::1(2001:db8::1) 56 data bytes ^C --- 2001:db8::1 ping statistics --- 4 packets transmitted, 0 received, 100% packet loss, time 3062ms $ ping 2001:db8::2 PING 2001:db8::2(2001:db8::2) 56 data bytes ^C --- 2001:db8::2 ping statistics --- 3 packets transmitted, 0 received, 100% packet loss, time 2030ms $ sudo ip addr add 2001:db8::1/64 dev lo $ ping 2001:db8::1 PING 2001:db8::1(2001:db8::1) 56 data bytes 64 bytes from 2001:db8::1: icmp_seq=1 ttl=64 time=0.055 ms 64 bytes from 2001:db8::1: icmp_seq=2 ttl=64 time=0.074 ms 64 bytes from 2001:db8::1: icmp_seq=3 ttl=64 time=0.073 ms 64 bytes from 2001:db8::1: icmp_seq=4 ttl=64 time=0.071 ms ^C --- 2001:db8::1 ping statistics --- 4 packets transmitted, 4 received, 0% packet loss, time 3075ms rtt min/avg/max/mdev = 0.055/0.068/0.074/0.007 ms $ ping 2001:db8::2 PING 2001:db8::2(2001:db8::2) 56 data bytes From 2001:db8::1 icmp_seq=1 Destination unreachable: No route From 2001:db8::1 icmp_seq=2 Destination unreachable: No route From 2001:db8::1 icmp_seq=3 Destination unreachable: No route From 2001:db8::1 icmp_seq=4 Destination unreachable: No route ^C --- 2001:db8::2 ping statistics --- 4 packets transmitted, 0 received, +4 errors, 100% packet loss, time 3070ms ``` Test: integration_test.TestLoopbackAcceptAllInSubnet PiperOrigin-RevId: 329011566 --- pkg/tcpip/tests/integration/loopback_test.go | 40 ---------------------------- 1 file changed, 40 deletions(-) (limited to 'pkg/tcpip/tests/integration') diff --git a/pkg/tcpip/tests/integration/loopback_test.go b/pkg/tcpip/tests/integration/loopback_test.go index 3a2f75837..1b18023c5 100644 --- a/pkg/tcpip/tests/integration/loopback_test.go +++ b/pkg/tcpip/tests/integration/loopback_test.go @@ -109,52 +109,12 @@ func TestLoopbackAcceptAllInSubnet(t *testing.T) { dstAddr: ipv6Addr.Address, expectRx: true, }, - { - name: "IPv6 bind to wildcard and send to assigned address", - addAddress: ipv6ProtocolAddress, - dstAddr: ipv6Addr.Address, - expectRx: true, - }, { name: "IPv6 bind to wildcard and send to other subnet-local address", addAddress: ipv6ProtocolAddress, dstAddr: otherIPv6Address, - expectRx: true, - }, - { - name: "IPv6 bind to wildcard send to other address", - addAddress: ipv6ProtocolAddress, - dstAddr: remoteIPv6Addr, - expectRx: false, - }, - { - name: "IPv6 bind to other subnet-local address and send to assigned address", - addAddress: ipv6ProtocolAddress, - bindAddr: otherIPv6Address, - dstAddr: ipv6Addr.Address, - expectRx: false, - }, - { - name: "IPv6 bind and send to other subnet-local address", - addAddress: ipv6ProtocolAddress, - bindAddr: otherIPv6Address, - dstAddr: otherIPv6Address, - expectRx: true, - }, - { - name: "IPv6 bind to assigned address and send to other subnet-local address", - addAddress: ipv6ProtocolAddress, - bindAddr: ipv6Addr.Address, - dstAddr: otherIPv6Address, expectRx: false, }, - { - name: "IPv6 bind and send to assigned address", - addAddress: ipv6ProtocolAddress, - bindAddr: ipv6Addr.Address, - dstAddr: ipv6Addr.Address, - expectRx: true, - }, } for _, test := range tests { -- cgit v1.2.3