lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:	Wed, 29 Nov 2006 16:08:45 +0800
From:	Li Yewang <lyw@...jing-fnst.com>
To:	netdev@...r.kernel.org
Cc:	herbert@...dor.apana.org.au
Subject: Re:[PATCH]Fix BUG of ip_rt_send_redirect()

Herbert Xu <herbert@...dor.apana.org.au> wrote:

> 
>I think there are two problems here:
> 
>1)The first time we hit the check rate_last is zero. We should simply
>proceed with the redirect rather than treating this as a jiffies value.
> 
>2)When a dst is so old that the jiffies have wrapped around.  I'm
>not sure whether this is worth solving as it should be extremely rare
>unless your HZ is sufficiently large and you're on a 32-bit platform.
> 
>One solution would be to periodically reset the rate_last fields to
>their original states.  Perhaps we can combine that with the GC.


Mr Herbert Xu:

According to your advice, I have made another patch for the redirect
bug.

This patch does not think of the jiffies wraparound any more.
Because if the router sends a redirect packet for the first time,
the redirect route cache entry will be created in the route cache.
If this entry is used frequently(This should be extremely rare), 
the rate_last will be update to the current jiffies when it sends 
the redirect packet. So we don't concern about the jiffies wraparound.
If this entry does not be used for a long time, the GC will remove 
it from route cache. Next time if we want to use this entry, 
the redirect entry will be created in the route cache again, and the
rate_last will be initialized to 0. So we don't care of the jiffies
wraparound too.


Following is my patch:

Signed-off-by: Li Yewang <lyw@...jing-fnst.com>

--- linux-2.6.19/net/ipv4/route.c.org 2006-12-05 10:47:02.402147160
+0800
+++ linux-2.6.19/net/ipv4/route.c 2006-12-05 10:48:26.339386760 +0800
@@ -1327,7 +1327,8 @@ void ip_rt_send_redirect(struct sk_buff 
  /* Check for load limit; set rate_last to the latest sent
   * redirect.
   */
- if (time_after(jiffies,
+ if (rt->u.dst.rate_last == 0 ||
+     time_after(jiffies,
          (rt->u.dst.rate_last +
    (ip_rt_redirect_load << rt->u.dst.rate_tokens)))) {
   icmp_send(skb, ICMP_REDIRECT, ICMP_REDIR_HOST, rt->rt_gateway);


To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html


-
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists