lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Tue, 26 Feb 2008 10:55:38 +0000
From:	Jarek Poplawski <jarkao2@...il.com>
To:	Wei Yongjun <yjwei@...fujitsu.com>
Cc:	Li Yewang <lyw@...fujitsu.com>, davem@...emloft.net,
	swhiteho@...hat.com, netdev@...r.kernel.org
Subject: Re: [PATCH] Can not send icmp netunreach packet

On Tue, Feb 26, 2008 at 06:59:08PM +0900, Wei Yongjun wrote:
> Jarek Poplawski wrote:
>
> Maybe ip_error() does not handle the ESRCH error. In this place ESRCH eq  
> to ENETUNREACH?

It doesn't handle ESRCH for sure... Current solution seems to expect
it is changed earlier to ENETUNREACH. It looks reasonable because
otherwise all other places checking for this should be updated too.

But, IMHO, it could be tested if such a change here helps in current
problem, and then maybe found where it was skipped? On the other hand,
probably checking with grep for all such ENETUNREACH cases, and adding
ESRCH where needed could be much simpler and safer...

Jarek P.

>
> static int ip_error(struct sk_buff *skb)
> {
> 	struct rtable *rt = (struct rtable*)skb->dst;
> 	unsigned long now;
> 	int code;
>
> 	switch (rt->u.dst.error) {
> 		case EINVAL:
> 		default:
> 			goto out;
> 		case EHOSTUNREACH:
> 			code = ICMP_HOST_UNREACH;
> 			break;
> 		case ENETUNREACH:
> 			code = ICMP_NET_UNREACH;
> 			break;
> 		case EACCES:
> 			code = ICMP_PKT_FILTERED;
> 			break;
> 	}
> ...............snip....................
> }
>
>
>
>> On 26-02-2008 07:34, Li Yewang wrote:
>>   
>>> Hi All
>>>
>>>    There is a bug about icmp netunreach.
>>>    If the kernel does not find a route for a packet,    it must send 
>>> a icmp netunreach packet to the source host,    and  discard  the 
>>> packet. But the  kernel  does not send    a icmp netunreach packet 
>>> because of the  fib_lookup
>>>    return value  of -ESRCH when a route  is not found.     
>>
>> ...or because some function doesn't handle -ESRCH return from
>> fib_lookup? It seems changing this to -ESRCH was needed in some cases.
>> And you don't explain enough why it can't be handled later (like in
>> ipv4/route.c: ip_route_input_slow)?
>>   
>
>
>> Regards,
>> Jarek P.
>>
>>   
>>> Signed-off-by: Li Yewang <lyw@...fujitsu.com>
>>>
>>> diff -Nurp net/core_back/fib_rules.c net/core/fib_rules.c
>>> --- net/core_back/fib_rules.c   2008-02-25 13:15:37.000000000 +0800
>>> +++ net/core/fib_rules.c        2008-02-25 13:16:01.000000000 +0800
>>> @@ -188,7 +188,7 @@ jumped:
>>>  		}
>>>  	}
>>>  -	err = -ESRCH;
>>> +	err = -ENETUNREACH;
>>>  out:
>>>  	rcu_read_unlock();
>>>
>>>     
>
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ