lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Sun, 18 Sep 2016 09:12:38 -0600
From:   David Ahern <dsa@...ulusnetworks.com>
To:     Vincent Bernat <vincent@...nat.im>,
        "David S. Miller" <davem@...emloft.net>,
        Alexey Kuznetsov <kuznet@....inr.ac.ru>,
        James Morris <jmorris@...ei.org>,
        Hideaki YOSHIFUJI <yoshfuji@...ux-ipv6.org>,
        Patrick McHardy <kaber@...sh.net>, netdev@...r.kernel.org
Subject: Re: [v2] net: ipv6: fallback to full lookup if table lookup is
 unsuitable

On 9/16/16 2:33 PM, Vincent Bernat wrote:
> Commit 8c14586fc320 ("net: ipv6: Use passed in table for nexthop
> lookups") introduced a regression: insertion of an IPv6 route in a table
> not containing the appropriate connected route for the gateway but which
> contained a non-connected route (like a default gateway) fails while it
> was previously working:
> 
>     $ ip link add eth0 type dummy
>     $ ip link set up dev eth0
>     $ ip addr add 2001:db8::1/64 dev eth0
>     $ ip route add ::/0 via 2001:db8::5 dev eth0 table 20
>     $ ip route add 2001:db8:cafe::1/128 via 2001:db8::6 dev eth0 table 20
>     RTNETLINK answers: No route to host
>     $ ip -6 route show table 20
>     default via 2001:db8::5 dev eth0  metric 1024  pref medium
> 
> After this patch, we get:
> 
>     $ ip route add 2001:db8:cafe::1/128 via 2001:db8::6 dev eth0 table 20
>     $ ip -6 route show table 20
>     2001:db8:cafe::1 via 2001:db8::6 dev eth0  metric 1024  pref medium
>     default via 2001:db8::5 dev eth0  metric 1024  pref medium
> 

need an explicit Fixes tag here:

Fixes: 8c14586fc320 ("net: ipv6: Use passed in table for nexthop lookups")

> Signed-off-by: Vincent Bernat <vincent@...nat.im>
> ---
>  net/ipv6/route.c | 8 ++++++++
>  1 file changed, 8 insertions(+)
> 
> diff --git a/net/ipv6/route.c b/net/ipv6/route.c
> index ad4a7ff301fc..2c6c7257ff75 100644
> --- a/net/ipv6/route.c
> +++ b/net/ipv6/route.c
> @@ -1994,6 +1994,14 @@ static struct rt6_info *ip6_route_info_create(struct fib6_config *cfg)
>  			if (cfg->fc_table)
>  				grt = ip6_nh_lookup_table(net, cfg, gw_addr);
>  
> +			if (grt) {
> +				if (grt->rt6i_flags & RTF_GATEWAY ||
> +				    (dev && dev != grt->dst.dev)) {
> +					ip6_rt_put(grt);
> +					grt = NULL;
> +				}
> +			}
> +

The if grt check needs to be under the 'if (cfg->fc_table)'


>  			if (!grt)
>  				grt = rt6_lookup(net, gw_addr, NULL,
>  						 cfg->fc_ifindex, 1);
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ