lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Tue, 3 Jun 2008 15:03:48 +0200 (CEST) From: Krzysztof Oledzki <olel@....pl> To: Patrick McHardy <kaber@...sh.net> cc: Jarek Poplawski <jarkao2@...il.com>, netdev@...r.kernel.org Subject: Re: [PATCH] Fix routing tables with id > 255 for legacy software On Tue, 3 Jun 2008, Patrick McHardy wrote: > Jarek Poplawski wrote: >> On Tue, Jun 03, 2008 at 12:37:35PM +0200, Krzysztof Oledzki wrote: >>> >> If such an old app uses rtm_table, this 253 table could be used for >> something and get additional entries after this patch. Another case >> would be when such an overflow on 0xff is "expected", then old tables >> would loose their entries. I hope I'm wrong with this, but it looks >> like admins can do strange things, and then this would be called a >> regression. So, I think this patch is right if we are sure there are >> no such cases... >> >>>> BTW, I wonder, how these old appliction would treat RT_TABLE_UNSPEC >>>> instead. >>> Such old appliction is for example zebra/quagga: it asks for all routes, >>> does not know about RTA_TABLE so uses rtm_table and selects all entries >>> with rtm_table == RT_TABLE_MAIN or zebrad.rtm_table_default which is >>> unfortunately 0 by default. So no, RT_TABLE_UNSPEC (0) does not help, even >>> makes everythink worse here. >> >> I see: so we don't care for these RT_TABLE_COMPAT entries, let only >> they don't go to _MAIN or _UNSPEC! > > Well, if people already use table 253, I guess they might care. Not really as if pople use a FRA_TABLE aware application they should not notice any difference. > I'm not convinced this is any better than overflowing. But if they use FRA_TABLE unaware application than overflowing means mismatching all: - N*256 table as RT_TABLE_UNSPEC - N*256+253 tables as RT_TABLE_DEFAULT - N*256+254 tables as RT_TABLE_MAIN - N*256+255 tables as RT_TABLE_LOCAL And as I just find out, when it happens is quite unexpected and can really hurt. :( > And I still don't see any other way to handle this properly. Exactly. So that's why I came with above solution, similar to AS_TRANSIT idea used in BGP to handle 16bit -> 32bit ASN transformation. Best regards, Krzysztof Olędzki
Powered by blists - more mailing lists