lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Fri, 24 Sep 2010 18:40:06 +0200
From:	Ulrich Weber <uweber@...aro.com>
To:	Eric Dumazet <eric.dumazet@...il.com>
CC:	Ulrich Weber <ulrich.weber@...glemail.com>,
	David Miller <davem@...emloft.net>, netdev@...r.kernel.org
Subject: Re: [RFC PATCH] dont create cached routes from ARP requests

On 09/24/2010 06:05 PM, Eric Dumazet wrote:
> Le vendredi 24 septembre 2010 à 17:38 +0200, Ulrich Weber a écrit :
>> steps to reproduce:
>> server:
>>  ip route add 1.0.0.0/8 dev dummy0
>>
>> client:
>>  ip route add 1.0.0.0/8 dev eth0
>>  nmap --min-rate 500 -sP 1.0.0.0/8
>>
> 
> Great, you use nmap and fill 'client' neighbour cache.

Nope, I fills the 'server' neighbor cache too
due cached routes in arp_process():
        if (arp->ar_op == htons(ARPOP_REQUEST) &&
            ip_route_input_noref(skb, tip, sip, 0, dev) == 0)

> Now, back to the _real_ problem, please ?
> 
> <quote>
> 
> Background: At home I have two Internet connections, DSL and Cable.
> DSL is the primary uplink while Cable is the secondary.
> My Cable ISP is flooding me with ARP request from 10.0.0.0/8,
> which creates routes via the primary uplink.
> There are thousands of cached routes and after some time
> I get "Neighbour table overflow" messages.
> 
> </quote>
> 
> You receive an ARP request on device eth1,
> this creates a route on eth0 ?
> 
> Could you send your routing/address setup ?
> 
> ip addr
> ip ro
> 

ARP request flood comes in via eth2.

Have to correct myself: With configuration below only route cache
increases but no "Neighbour table overflow".

By adding "ip route add 10.0.0.0/8 dev eth0" the Neighbor table overflow
will occur.


1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
    inet 127.0.0.1/8 scope host lo
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast
state UP qlen 1000
    inet 192.168.1.1/24 brd 192.168.1.255 scope global eth0
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast
state UP qlen 1000
    inet 78.43.x.x/22 brd 78.43.35.255 scope global eth2
12: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1492 qdisc hfsc
state UNKNOWN qlen 3
    inet 95.114.x.x peer 213.20.56.129/32 scope global ppp0


default via 213.20.56.129 dev ppp0
78.43.32.0/22 dev eth2  proto kernel  scope link  src 78.43.x.x
127.0.0.0/8 dev lo  scope link
192.168.1.0/24 dev eth0  proto kernel  scope link  src 192.168.1.1
213.20.56.129 dev ppp0  proto kernel  scope link  src 95.114.x.x


-- 
Ulrich Weber | uweber@...aro.com | Software Engineer
Astaro GmbH & Co. KG | www.astaro.com | Phone +49-721-25516-0 | Fax –200
An der RaumFabrik 33a | 76227 Karlsruhe | Germany
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ