Date: Wed, 19 Jul 2023 15:21:43 +0800
From: Hangbin Liu <liuhangbin@...il.com>
To: Ido Schimmel <idosch@...sch.org>
Cc: netdev@...r.kernel.org, "David S . Miller" <davem@...emloft.net>,
	David Ahern <dsahern@...nel.org>,
	Eric Dumazet <edumazet@...gle.com>,
	Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>,
	Thomas Haller <thaller@...hat.com>
Subject: Re: [PATCH net] ipv6: do not match device when remove source route

On Tue, Jul 18, 2023 at 02:42:02PM +0300, Ido Schimmel wrote:
> > diff --git a/net/ipv6/route.c b/net/ipv6/route.c
> > index 64e873f5895f..ab8c364e323c 100644
> > --- a/net/ipv6/route.c
> > +++ b/net/ipv6/route.c
> > @@ -4607,7 +4607,6 @@ void rt6_remove_prefsrc(struct inet6_ifaddr *ifp)
> >  {
> >  	struct net *net = dev_net(ifp->idev->dev);
> >  	struct arg_dev_net_ip adni = {
> > -		.dev = ifp->idev->dev,
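
Review bot: In rt6_remove_prefsrc(), dropping `.dev = ifp->idev->dev,` from the `adni` initializer leaves `adni.dev` implicitly NULL, and the quoted lines do not show what now bounds the match in place of the device. Please state in the commit message which routes are expected to lose their preferred source after this change (every route in `net`, or a narrower set), and make sure whatever consumes `adni` is updated in the same patch so that it does not end up comparing a route's device against a NULL `dev`.
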
> 
> Wouldn't this affect routes in different VRFs?
> 
> See commit 5a56a0b3a45d ("net: Don't delete routes in different VRFs")
> and related fixes:

Thanks for the notice. I saw this is for IPv4 only and there is no IPv6 version.
I can try to add an IPv6 version patch for this issue. The fib_tb_id is based
on the table id. So in the same table we still need to not check the device and remove
all source routes.
 
> 8a2618e14f81 ipv4: Fix incorrect table ID in IOCTL path
> c0d999348e01 ipv4: Fix incorrect route flushing when table ID 0 is used
> f96a3d74554d ipv4: Fix incorrect route flushing when source address is deleted
> e0a312629fef ipv4: Fix table id reference in fib_sync_down_addr
> 
> Anyway, please add tests to tools/testing/selftests/net/fib_tests.sh

The fib_tests.sh result looks good as my patch affects IPv6 only.

# ./fib_tests.sh

Single path route test
    Start point
    TEST: IPv4 fibmatch                                                 [ OK ]
    TEST: IPv6 fibmatch                                                 [ OK ]
    Nexthop device deleted
    TEST: IPv4 fibmatch - no route                                      [ OK ]
    TEST: IPv6 fibmatch - no route                                      [ OK ]

[...]

IPv4 broadcast neighbour tests
    TEST: Resolved neighbour for broadcast address                      [ OK ]
    TEST: Resolved neighbour for network broadcast address              [ OK ]
    TEST: Unresolved neighbour for broadcast address                    [ OK ]
    TEST: Unresolved neighbour for network broadcast address            [ OK ]

Tests passed: 203
Tests failed:   0

BTW, it's a bit different for IPv4 and IPv6. IPv4 will remove the source
routes entirely, while IPv6 only removes the source address and keeps the route.
E.g.

IPv4:
+ ip -netns x addr add 192.168.5.5/24 dev net1
+ ip -netns x route add 7.7.7.0/24 dev net2 src 192.168.5.5
+ ip -netns x -4 route
7.7.7.0/24 dev net2 scope link src 192.168.5.5 
192.168.5.0/24 dev net1 proto kernel scope link src 192.168.5.5 
+ ip -netns x addr del 192.168.5.5/24 dev net1
+ ip -netns x -4 route

IPv6:

+ ip addr add 1:2:3:4::5/64 dev dummy1
+ ip route add 7:7:7:0::1 dev dummy1 src 1:2:3:4::5
+ ip -6 route show
1:2:3:4::/64 dev dummy1 proto kernel metric 256 pref medium
7:7:7::1 dev dummy1 src 1:2:3:4::5 metric 1024 pref medium
+ ip addr del 1:2:3:4::5/64 dev dummy1
+ ip -6 route show
7:7:7::1 dev dummy1 metric 1024 pref medium

Thanks
Hangbin
