Date:   Mon, 12 Mar 2018 14:03:01 -0700
From:   Stephen Hemminger <stephen@...workplumber.org>
To:     bluca@...ian.org, green@....ru
Cc:     netdev@...r.kernel.org,
        Stephen Hemminger <stephen@...workplumber.org>
Subject: [PATCH iproute2] Revert "iproute: "list/flush/save default" selected all of the routes"

This reverts commit 9135c4d6037ff9f1818507bac0049fc44db8c3d2.

The Debian maintainer found that the basic command:
	# ip route flush all
no longer worked as expected, which breaks user scripts and
expectations: it no longer flushed all IPv4 routes.

Reported-by: Luca Boccassi <bluca@...ian.org>
Signed-off-by: Stephen Hemminger <stephen@...workplumber.org>
---
 ip/iproute.c | 65 ++++++++++++++++++------------------------------------------
 lib/utils.c  | 13 ++++++++++++
 2 files changed, 32 insertions(+), 46 deletions(-)

diff --git a/ip/iproute.c b/ip/iproute.c
index bf886fda9d76..32c93ed5abd9 100644
--- a/ip/iproute.c
+++ b/ip/iproute.c
@@ -191,42 +191,20 @@ static int filter_nlmsg(struct nlmsghdr *n, struct rtattr **tb, int host_len)
 		return 0;
 	if ((filter.tos^r->rtm_tos)&filter.tosmask)
 		return 0;
-	if (filter.rdst.family) {
-		if (r->rtm_family != filter.rdst.family ||
-		    filter.rdst.bitlen > r->rtm_dst_len)
-			return 0;
-	} else if (filter.rdst.flags & PREFIXLEN_SPECIFIED) {
-		if (filter.rdst.bitlen > r->rtm_dst_len)
-			return 0;
-	}
-	if (filter.mdst.family) {
-		if (r->rtm_family != filter.mdst.family ||
-		    (filter.mdst.bitlen >= 0 &&
-		     filter.mdst.bitlen < r->rtm_dst_len))
-			return 0;
-	} else if (filter.mdst.flags & PREFIXLEN_SPECIFIED) {
-		if (filter.mdst.bitlen >= 0 &&
-		    filter.mdst.bitlen < r->rtm_dst_len)
-			return 0;
-	}
-	if (filter.rsrc.family) {
-		if (r->rtm_family != filter.rsrc.family ||
-		    filter.rsrc.bitlen > r->rtm_src_len)
-			return 0;
-	} else if (filter.rsrc.flags & PREFIXLEN_SPECIFIED) {
-		if (filter.rsrc.bitlen > r->rtm_src_len)
-			return 0;
-	}
-	if (filter.msrc.family) {
-		if (r->rtm_family != filter.msrc.family ||
-		    (filter.msrc.bitlen >= 0 &&
-		     filter.msrc.bitlen < r->rtm_src_len))
-			return 0;
-	} else if (filter.msrc.flags & PREFIXLEN_SPECIFIED) {
-		if (filter.msrc.bitlen >= 0 &&
-		    filter.msrc.bitlen < r->rtm_src_len)
-			return 0;
-	}
+	if (filter.rdst.family &&
+	    (r->rtm_family != filter.rdst.family || filter.rdst.bitlen > r->rtm_dst_len))
+		return 0;
+	if (filter.mdst.family &&
+	    (r->rtm_family != filter.mdst.family ||
+	     (filter.mdst.bitlen >= 0 && filter.mdst.bitlen < r->rtm_dst_len)))
+		return 0;
+	if (filter.rsrc.family &&
+	    (r->rtm_family != filter.rsrc.family || filter.rsrc.bitlen > r->rtm_src_len))
+		return 0;
+	if (filter.msrc.family &&
+	    (r->rtm_family != filter.msrc.family ||
+	     (filter.msrc.bitlen >= 0 && filter.msrc.bitlen < r->rtm_src_len)))
+		return 0;
 	if (filter.rvia.family) {
 		int family = r->rtm_family;
 
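Review bot: The four tests added at the top of this hunk run only when `filter.rdst.family` (or the mdst/rsrc/msrc equivalent) is non-zero, so a prefix stored with family 0 applies no destination or source filter at all. The `get_prefix_1` hunk in lib/utils.c stores `dst->family = family` and a zero bit length for `default`, `any` and `all` alike, so when the caller parses with an unspecified family, `default` presumably selects every route again, which is what the reverted commit set out to change. Because flush is destructive, the restored behaviour should at least be stated in the code, e.g. `/* family == 0: no prefix filter; "default", "any" and "all" then match every route */` above the first test. filter_nlmsg starts and ends outside the hunk.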
@@ -243,9 +221,7 @@ static int filter_nlmsg(struct nlmsghdr *n, struct rtattr **tb, int host_len)
 
 	if (tb[RTA_DST])
 		memcpy(&dst.data, RTA_DATA(tb[RTA_DST]), (r->rtm_dst_len+7)/8);
-	if (filter.rsrc.family || filter.msrc.family ||
-	    filter.rsrc.flags & PREFIXLEN_SPECIFIED ||
-	    filter.msrc.flags & PREFIXLEN_SPECIFIED) {
+	if (filter.rsrc.family || filter.msrc.family) {
 		if (tb[RTA_SRC])
 			memcpy(&src.data, RTA_DATA(tb[RTA_SRC]), (r->rtm_src_len+7)/8);
 	}
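Review bot: The copy guarded by the changed condition takes its length from the header field, `(r->rtm_src_len+7)/8`, and never compares it with the size of the attribute actually received; the RTA_DST copy just above and the RTA_PREFSRC copy in the next hunk follow the same pattern. These messages normally come from the kernel, so the two lengths should agree, but a bound is cheap and removes the over-read if they ever do not: `if (tb[RTA_SRC] && RTA_PAYLOAD(tb[RTA_SRC]) >= (r->rtm_src_len+7)/8)`. The declarations of `src` and `dst` are outside the hunk, so whether the length also fits the destination cannot be confirmed from here.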
@@ -265,18 +241,15 @@ static int filter_nlmsg(struct nlmsghdr *n, struct rtattr **tb, int host_len)
 			memcpy(&prefsrc.data, RTA_DATA(tb[RTA_PREFSRC]), host_len/8);
 	}
 
-	if ((filter.rdst.family || filter.rdst.flags & PREFIXLEN_SPECIFIED) &&
-	    inet_addr_match(&dst, &filter.rdst, filter.rdst.bitlen))
+	if (filter.rdst.family && inet_addr_match(&dst, &filter.rdst, filter.rdst.bitlen))
 		return 0;
-	if ((filter.mdst.family || filter.mdst.flags & PREFIXLEN_SPECIFIED) &&
+	if (filter.mdst.family && filter.mdst.bitlen >= 0 &&
 	    inet_addr_match(&dst, &filter.mdst, r->rtm_dst_len))
 		return 0;
 
-	if ((filter.rsrc.family || filter.rsrc.flags & PREFIXLEN_SPECIFIED) &&
-	    inet_addr_match(&src, &filter.rsrc, filter.rsrc.bitlen))
+	if (filter.rsrc.family && inet_addr_match(&src, &filter.rsrc, filter.rsrc.bitlen))
 		return 0;
-	if ((filter.msrc.family || filter.msrc.flags & PREFIXLEN_SPECIFIED) &&
-	    filter.msrc.bitlen >= 0 &&
+	if (filter.msrc.family && filter.msrc.bitlen >= 0 &&
 	    inet_addr_match(&src, &filter.msrc, r->rtm_src_len))
 		return 0;
 
diff --git a/lib/utils.c b/lib/utils.c
index 379739d61246..87b609f2a6bc 100644
--- a/lib/utils.c
+++ b/lib/utils.c
@@ -681,6 +681,19 @@ int get_prefix_1(inet_prefix *dst, char *arg, int family)
 	char *slash;
 	int err, bitlen, flags;
 
+	memset(dst, 0, sizeof(*dst));
+
+	if (strcmp(arg, "default") == 0 ||
+	    strcmp(arg, "any") == 0 ||
+	    strcmp(arg, "all") == 0) {
+		if ((family == AF_DECnet) || (family == AF_MPLS))
+			return -1;
+		dst->family = family;
+		dst->bytelen = 0;
+		dst->bitlen = 0;
+		return 0;
+	}
+
 	slash = strchr(arg, '/');
 	if (slash)
 		*slash = 0;
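Review bot: After `memset(dst, 0, sizeof(*dst))` the assignments `dst->bytelen = 0;` and `dst->bitlen = 0;` in the keyword branch are redundant; drop them, or keep them with a short comment saying they are there for readability only. The memset also runs before any parsing, so on the `return -1` path for AF_DECnet/AF_MPLS `*dst` is left zeroed rather than untouched. Callers outside this hunk that pre-fill the prefix and ignore the error would lose those values, which is worth one line in the function comment. get_prefix_1 continues past the end of the hunk.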
-- 
2.16.1
