From: Martin Lopreiato on
hello,

i want to send a packet with a forged ipv6 address. i tried using
sendmsg() with ancillary data, but it seems I can only select an
address that has been configured on my system. if I select an
arbitrary ipv6 address that i want to forge, i get "can't assign
requested address" (in freebsd) or "invalid argument" (in linux).
isn't it possible to forge an ipv6 address with sendmsg()?

note: if i use a configured address, my code works perfectly. so the
error message i'm getting when trying to forge an ipv6 address does
not seem to be related to a bug in my code.

thnx,
/m
From: Rainer Weikusat on
Martin Lopreiato <martin.lopreiato(a)gmail.com> writes:
> i want to send a packet with a forged ipv6 address. i tried using
> sendmsg() with ancillary data, but it seems I can only select an
> address that has been configured on my system. if I select an
> arbitrary ipv6 address that i want to forge, i get "can't assign
> requested address" (in freebsd) or "invalid argument" (in linux).
> isn't it possible to forge an ipv6 address with sendmsg()?

Not with Linux. The IPV6_PKTINFO message you send is processed by the
code quoted below:

-----------------
if (addr_type != IPV6_ADDR_ANY) {
	int strict = __ipv6_addr_src_scope(addr_type) <= IPV6_ADDR_SCOPE_LINKLOCAL;
	if (!ipv6_chk_addr(net, &src_info->ipi6_addr,
			   strict ? dev : NULL, 0))
		err = -EINVAL;
	else
		ipv6_addr_copy(&fl->fl6_src, &src_info->ipi6_addr);
}
------------------
[datagram_send_ctl, net/ipv6/datagram.c]

which copies the address you passed to the 'flow source address' if
the ipv6_chk_addr routine considers it valid. This routine is in
addrconf.c in the same directory. The relevant part of the code is

-----------------------
for(ifp = inet6_addr_lst[hash]; ifp; ifp=ifp->lst_next) {
	if (!net_eq(dev_net(ifp->idev->dev), net))
		continue;
	if (ipv6_addr_equal(&ifp->addr, addr) &&
	    !(ifp->flags&IFA_F_TENTATIVE)) {
		if (dev == NULL || ifp->idev->dev == dev ||
		    !(ifp->scope&(IFA_LINK|IFA_HOST) || strict))
			break;
	}
}

[...]

return ifp != NULL;
-----------------------

Consequently, the sendmsg-passed address will be rejected if it isn't
equal to one of the configured IPv6 addresses of the system.
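
The two checks quoted above, modelled in userspace as an added example (not part of either post and not kernel code), so the accept/reject outcomes can be run without a kernel or a network. The names `cfg_addr`, `configured`, `chk_addr` and `pktinfo_src_check` and the address table are constructed for illustration, and scope handling is simplified to loopback and link-local sources.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the kernel's per-address record. */
struct cfg_addr { const char *text; int ifindex; bool tentative; };

/* Constructed sample configuration, not read from a real system. */
static const struct cfg_addr configured[] = {
    { "::1",          1, false },
    { "fe80::1",      2, false },
    { "2001:db8::10", 2, false },
    { "2001:db8::20", 2, true  },   /* IFA_F_TENTATIVE: DAD not finished */
};

/* Model of ipv6_chk_addr(): ifindex 0 plays the role of dev == NULL. */
static bool chk_addr(const struct in6_addr *a, int ifindex)
{
    for (size_t i = 0; i < sizeof configured / sizeof configured[0]; i++) {
        struct in6_addr c;
        inet_pton(AF_INET6, configured[i].text, &c);
        if (memcmp(&c, a, sizeof c) == 0 && !configured[i].tentative &&
            (ifindex == 0 || configured[i].ifindex == ifindex))
            return true;
    }
    return false;
}

/* Model of the IPV6_PKTINFO branch: 0 if accepted, -EINVAL if rejected. */
int pktinfo_src_check(const char *src, int ifindex)
{
    struct in6_addr a;
    if (inet_pton(AF_INET6, src, &a) != 1)
        return -EINVAL;
    if (IN6_IS_ADDR_UNSPECIFIED(&a))
        return 0;                   /* IPV6_ADDR_ANY: the check is skipped */
    /* strict: sources of link-local scope or narrower are tied to a device */
    bool strict = IN6_IS_ADDR_LINKLOCAL(&a) || IN6_IS_ADDR_LOOPBACK(&a);
    return chk_addr(&a, strict ? ifindex : 0) ? 0 : -EINVAL;
}

int main(void)
{
    printf("unconfigured source -> %d\n", pktinfo_src_check("2001:db8::99", 0));
    return 0;
}
```
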