lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:	Fri, 11 Jan 2008 17:31:55 +0100
From:	martin f krafft <madduck@...duck.net>
To:	netdev discussion list <netdev@...r.kernel.org>
Subject: iproute2: removing primary address removes secondaries

Dear list,

When I add an address to an interface whose network prefix is the
same as that of an address already bound to the interface, the new
address becomes a secondary address. As per
http://www.policyrouting.org/iproute2.doc.html:

  "secondary --- this address is not used when selecting the default
  source address for outgoing packets. An IP address becomes
  secondary if another address within the same prefix (network)
  already exists. The first address within the prefix is primary and
  is the tag address for the group of all the secondary addresses.
  When the primary address is deleted all of the secondaries are
  purged too."

In the following, I want to argue that this is not necessary.
I think that removal of a primary address should cause the next
address to be promoted to be the default source address and the
link-scoped route to be retained. This is basically out of
http://bugs.debian.org/429689, the maintainer asked me to turn
directly to this list.

If I add an address to a device with 'ip add', ip also implicitly
adds a link-scoped route according to the netmask. It only does this
for primary addresses, so if I add a second address within the same
network, the route is not duplicated.

Thus, the net effect on the routing table is the same for the
following two commands:

  ip a a 172.16.0.100/12 dev eth0 && ip a a 172.16.0.200/12 dev eth0
  ip a a 172.16.0.100/12 dev eth0 && ip a a 172.16.0.200/32 dev eth0
                                                        ^^^^
In the first case, the .200 address becomes a secondary of the .100
address. In the second case, they are both primaries. In both cases,
only one /12 link-scoped route will be created.

However, in both cases, if I remove the .100 address, the .200 is
affected: if it's secondary, it ceases to exist, and if it's
primary (i.e. in the /32 case), then the host can no longer use it
to communicate to hosts in the same link segment, only to hosts on
the other side of the default gateway.

I thus question the point of purging secondary addresses. Obviously,
only one address can be primary (it is used as source address for
packets leaving the machine by the respective route). But if the
primary address is removed, the next secondary should be promoted
and the route should *not* be deleted.

Comments?

Cheers,

-- 
martin | http://madduck.net/ | http://two.sentenc.es/
 
microsoft: for when quality, reliability, and security
           just aren't that important!
 
spamtraps: madduck.bogus@...duck.net

Download attachment "digital_signature_gpg.asc" of type "application/pgp-signature" (190 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ