Date:	Thu, 4 Aug 2011 06:14:22 -0700
From:	Tom London <selinux@...il.com>
To:	Julian Anastasov <ja@....bg>
Cc:	Dave Jones <davej@...hat.com>, netdev@...r.kernel.org
Subject: Re: return of ip_rt_bug()

On Thu, Aug 4, 2011 at 5:20 AM, Julian Anastasov <ja@....bg> wrote:
>
>        Hello,
>
> On Tue, 2 Aug 2011, Dave Jones wrote:
>
>> Tom (CC'd) has been hitting that ip_rt_bug() WARN_ON() since 3.0rc
>>
>> Here's the latest report.
>>
>> ------------[ cut here ]------------
>> WARNING: at net/ipv4/route.c:1714 ip_rt_bug+0x5c/0x62()
>> Hardware name: 74585FU
>> Modules linked in: fuse
>> ip6table_filter ip6_tables ebtable_nat ebtables ppdev parport_pc lp parport
>> ipt_MASQUERADE iptable_nat nf_nat nf_conntrack_ipv4 nf_defrag_ipv4 xt_state
>> nf_conntrack xt_CHECKSUM iptable_mangle tun bridge stp llc sunrpc rfcomm bnep
>> usblp arc4 uvcvideo videodev media snd_usb_audio snd_usbmidi_lib snd_rawmidi
>> v4l2_compat_ioctl32 iwlagn microcode i2c_i801 btusb iTCO_wdt
>> iTCO_vendor_support mac80211 bluetooth snd_hda_codec_conexant cfg80211
>> thinkpad_acpi snd_hda_intel snd_hda_codec rfkill snd_hwdep snd_seq
>> snd_seq_device snd_pcm snd_timer snd soundcore snd_page_alloc e1000e virtio_net
>> kvm_intel kvm uinput wmi i915 drm_kms_helper drm i2c_algo_bit i2c_core video [last unloaded: scsi_wait_scan]
>> Pid: 5492, comm: xsane Not tainted 3.1.0-0.rc0.git12.1.fc17.x86_64 #1
>> Call Trace:
>>  [<ffffffff8105c5ec>] warn_slowpath_common+0x83/0x9b
>>  [<ffffffff8105c61e>] warn_slowpath_null+0x1a/0x1c
>>  [<ffffffff8142f485>] ip_rt_bug+0x5c/0x62
>>  [<ffffffff81437091>] dst_output+0x19/0x1d
>>  [<ffffffff814387c0>] ip_local_out+0x20/0x25
>>  [<ffffffff81439695>] ip_send_skb+0x19/0x3e
>>  [<ffffffff81455ea2>] udp_send_skb+0x239/0x29b
>>  [<ffffffff8145763f>] udp_sendmsg+0x5a1/0x7d4
>>  [<ffffffff813f67d5>] ? release_sock+0x35/0x155
>>  [<ffffffff8143718c>] ? ip_select_ident+0x3d/0x3d
>>  [<ffffffff81062703>] ? local_bh_enable_ip+0xe/0x10
>>  [<ffffffff814f1231>] ? _raw_spin_unlock_bh+0x40/0x44
>>  [<ffffffff813f68ec>] ? release_sock+0x14c/0x155
>>  [<ffffffff8145eb58>] inet_sendmsg+0x66/0x6f
>>  [<ffffffff813f1d92>] sock_sendmsg+0xe6/0x109
>>  [<ffffffff8108f1c8>] ? lock_acquire+0x10f/0x13e
>>  [<ffffffff8110dd34>] ? might_fault+0x5c/0xac
>>  [<ffffffff8108f08c>] ? lock_release+0x1a4/0x1d1
>>  [<ffffffff8110dd7d>] ? might_fault+0xa5/0xac
>>  [<ffffffff813f2ad7>] ? copy_from_user+0x2f/0x31
>>  [<ffffffff813f496d>] sys_sendto+0x132/0x174
>>  [<ffffffff8124ef6e>] ? trace_hardirqs_on_thunk+0x3a/0x3f
>>  [<ffffffff814f80c2>] system_call_fastpath+0x16/0x1b
>> ---[ end trace 0e82aef47f8d8552 ]---
>> ------------[ cut here ]------------
>>
>> all the traces he's hit so far seem to be caused by udp, and they all seem to be
>> going from 192.168.2.5 -> 255.255.255.255
>>
>> https://bugzilla.redhat.com/show_bug.cgi?id=712632 is his full report with similar traces.
>
>        Tom, what kind of netfilter rules do you have in
> LOCAL_OUT/OUTPUT hooks? We eliminated one ip_route_input call
> from net/ipv4/netfilter.c (ip_route_me_harder) but it looks like
> in your kernel ip_route_input is called again from this hook.
> It is interesting why only broadcasts get such input route.
>
>        I assume 192.168.2.5 is an existing local address that
> is present during the test? Any additional modules that use
> ip_route_input ? Are nf_queue, IPVS, br_netfilter or tproxy used?
>
> Regards
>
> --
> Julian Anastasov <ja@....bg>
>

Here is what 'route' says:

[root@...ndon ~]# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         tlondon         0.0.0.0         UG    0      0        0 eth0
192.168.2.0     *               255.255.255.0   U     1      0        0 eth0
192.168.122.0   *               255.255.255.0   U     0      0        0 virbr0
[root@...ndon ~]#

and 'ifconfig':

eth0      Link encap:Ethernet  HWaddr 00:1F:16:0B:56:A8
          inet addr:192.168.2.6  Bcast:192.168.2.255  Mask:255.255.255.0
          inet6 addr: fe80::21f:16ff:fe0b:56a8/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:4269 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3503 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:3948798 (3.7 MiB)  TX bytes:517347 (505.2 KiB)
          Interrupt:20 Memory:f2600000-f2620000

Here is what is in /etc/sysconfig/iptables:

[root@...ndon sysconfig]# cat iptables
# Generated by iptables-save v1.4.9 on Mon Jan 17 06:36:35 2011
*security
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:DNS - [0:0]
:INTERNET - [0:0]
:INTRANET - [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j CONNSECMARK --restore
-A INPUT -s 255.255.255.255/32 -j INTRANET
-A INPUT -s 127.0.0.0/8 -j INTRANET
-A INPUT -s 10.0.0.0/8 -j INTRANET
-A INPUT -s 172.16.0.0/16 -j INTRANET
-A INPUT -s 224.0.0.0/24 -j INTRANET
-A INPUT -s 192.168.0.0/16 -j INTRANET
-A INPUT -j INTERNET
-A OUTPUT -m state --state RELATED,ESTABLISHED -j CONNSECMARK --restore
-A OUTPUT -d 255.255.255.255/32 -j INTRANET
-A OUTPUT -d 127.0.0.0/8 -j INTRANET
-A OUTPUT -d 10.0.0.0/8 -j INTRANET
-A OUTPUT -d 172.16.0.0/16 -j INTRANET
-A OUTPUT -d 224.0.0.0/24 -j INTRANET
-A OUTPUT -d 192.168.0.0/16 -j INTRANET
-A OUTPUT -p udp -m udp --dport 53 -j DNS
-A OUTPUT -p tcp -m tcp --dport 53 -j DNS
-A OUTPUT -j INTERNET
-A DNS -j SECMARK --selctx system_u:object_r:dns_internet_packet_t:s0
-A DNS -j CONNSECMARK --save
-A DNS -j ACCEPT
-A INTERNET -j SECMARK --selctx system_u:object_r:internet_packet_t:s0
-A INTERNET -j CONNSECMARK --save
-A INTERNET -j ACCEPT
-A INTRANET -j SECMARK --selctx system_u:object_r:intranet_packet_t:s0
-A INTRANET -j CONNSECMARK --save
-A INTRANET -j ACCEPT
COMMIT
# Completed on Mon Jan 17 06:36:35 2011
# Generated by iptables-save v1.4.9 on Mon Jan 17 06:36:35 2011
*nat
:PREROUTING ACCEPT [35:3434]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [812:64159]
:POSTROUTING ACCEPT [810:63177]
-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p tcp -j MASQUERADE --to-ports 1024-65535
-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p udp -j MASQUERADE --to-ports 1024-65535
-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -j MASQUERADE
COMMIT
# Completed on Mon Jan 17 06:36:35 2011
# Generated by iptables-save v1.4.9 on Mon Jan 17 06:36:35 2011
*mangle
:PREROUTING ACCEPT [83178:89234503]
:INPUT ACCEPT [83176:89234439]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [52780:3860973]
:POSTROUTING ACCEPT [52919:3899453]
-A POSTROUTING -o virbr0 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
COMMIT
# Completed on Mon Jan 17 06:36:35 2011
# Generated by iptables-save v1.4.9 on Mon Jan 17 06:36:35 2011
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [52780:3860973]
-A INPUT -i virbr0 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -i virbr0 -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -i virbr0 -p udp -m udp --dport 67 -j ACCEPT
-A INPUT -i virbr0 -p tcp -m tcp --dport 67 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 631 -j ACCEPT
-A INPUT -p udp -m state --state NEW -m udp --dport 631 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -d 192.168.122.0/24 -o virbr0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.122.0/24 -i virbr0 -j ACCEPT
-A FORWARD -i virbr0 -o virbr0 -j ACCEPT
-A FORWARD -o virbr0 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -i virbr0 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -m physdev --physdev-is-bridged -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Mon Jan 17 06:36:35 2011
[root@...ndon sysconfig]#

and here is what 'iptables -L' says (without -t this lists only the filter table):

[root@...ndon ~]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     udp  --  anywhere             anywhere             udp dpt:domain
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:domain
ACCEPT     udp  --  anywhere             anywhere             udp dpt:bootps
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:bootps

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             192.168.122.0/24     state RELATED,ESTABLISHED
ACCEPT     all  --  192.168.122.0/24     anywhere
ACCEPT     all  --  anywhere             anywhere
REJECT     all  --  anywhere             anywhere             reject-with icmp-port-unreachable
REJECT     all  --  anywhere             anywhere             reject-with icmp-port-unreachable

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
[root@...ndon ~]#

Regarding additional modules, I believe I'm running a 'stock' Fedora
Rawhide system.  Here is what 'lsmod' says:

[root@...ndon ~]# lsmod
Module                  Size  Used by
fuse                   70196  3
ip6table_filter        12815  0
ip6_tables             23088  1 ip6table_filter
ebtable_nat            12807  0
ebtables               27075  1 ebtable_nat
ipt_MASQUERADE         12880  3
iptable_nat            13383  1
nf_nat                 25795  2 ipt_MASQUERADE,iptable_nat
nf_conntrack_ipv4      14700  4 iptable_nat,nf_nat
nf_defrag_ipv4         12673  1 nf_conntrack_ipv4
xt_state               12578  1
nf_conntrack           81778  5 ipt_MASQUERADE,iptable_nat,nf_nat,nf_conntrack_ipv4,xt_state
ppdev                  13616  0
parport_pc             24112  0
xt_CHECKSUM            12549  1
lp                     22009  0
iptable_mangle         12695  1
parport                40823  3 ppdev,parport_pc,lp
tun                    19023  1
bridge                 85889  0
stp                    12946  1 bridge
llc                    14197  2 bridge,stp
rfcomm                 65661  4
bnep                   19857  2
usblp                  18206  0
arc4                   12529  2
uvcvideo               63617  0
videodev               85806  1 uvcvideo
media                  20522  2 uvcvideo,videodev
snd_usb_audio         108696  1
v4l2_compat_ioctl32    16677  1 videodev
snd_usbmidi_lib        24835  1 snd_usb_audio
snd_rawmidi            25641  1 snd_usbmidi_lib
snd_hda_codec_conexant    62115  1
snd_hda_intel          28992  3
iwlagn                370621  0
snd_hda_codec          91636  2 snd_hda_codec_conexant,snd_hda_intel
snd_hwdep              13595  2 snd_usb_audio,snd_hda_codec
snd_seq                57219  0
snd_seq_device         14173  2 snd_rawmidi,snd_seq
mac80211              282558  1 iwlagn
btusb                  20161  2
microcode              31412  0
i2c_i801               17765  0
snd_pcm                85340  4 snd_usb_audio,snd_hda_intel,snd_hda_codec
iTCO_wdt               17808  0
iTCO_vendor_support    13474  1 iTCO_wdt
cfg80211              161253  2 iwlagn,mac80211
bluetooth             215033  23 rfcomm,bnep,btusb
snd_timer              29131  2 snd_seq,snd_pcm
snd_page_alloc         14039  2 snd_hda_intel,snd_pcm
thinkpad_acpi          71386  0
rfkill                 21648  4 cfg80211,bluetooth,thinkpad_acpi
snd                    70856  19 snd_usb_audio,snd_usbmidi_lib,snd_rawmidi,snd_hda_codec_conexant,snd_hda_intel,snd_hda_codec,snd_hwdep,snd_seq,snd_seq_device,snd_pcm,snd_timer,thinkpad_acpi
soundcore              14562  1 snd
e1000e                182622  0
virtio_net             19157  0
kvm_intel             125225  0
kvm                   348016  1 kvm_intel
uinput                 17722  0
wmi                    18697  0
i915                  403560  3
drm_kms_helper         36330  1 i915
drm                   201826  4 i915,drm_kms_helper
i2c_algo_bit           13246  1 i915
i2c_core               34077  6 videodev,i2c_i801,i915,drm_kms_helper,drm,i2c_algo_bit
video                  19174  1 i915
[root@...ndon ~]#

How else can I help?

tom
-- 
Tom London
