Date:	Thu, 23 Oct 2008 13:47:44 -0400
From:	Vlad Yasevich <vladislav.yasevich@...com>
To:	David Miller <davem@...emloft.net>
CC:	netdev@...r.kernel.org
Subject: Re: on-link assumption in ipv4 routing cache

David Miller wrote:
> From: Vlad Yasevich <vladislav.yasevich@...com>
> Date: Mon, 20 Oct 2008 21:02:44 -0400
> 
>> This was somewhat of a surprise since I expected an EHOSTUNREACH error since
>> there were no routes to the destination and SO_DONTROUTE was not set.
>>
>> I am really curious as to the reason for this behavior?
> 
> In general the Linux ipv4 stack tries to do things that make it more
> likely for successful communication between two nodes.
> 
> This is one such example, another is the choice of using the host
> based addressing model rather than the interface based addressing
> model.
> 
> Alexey Kuznetsov is responsible for most of these decisions, he is
> a genius.
> 

Hi David

Ok, I've found the code and the explanation, but I think there is
a small bug here that's been around a very long time.  There is absolutely
no checking for the interface state.  This means that if the interface
is brought down, we are still going to attempt to route through it.
That seems broken, since the interface was administratively brought down.

I've actually tried to do this with my test app.  I've set it to connect
over a given interface, brought the interface down, and then issued the
connect().  The result is that the app hung until tcp_syn_retries SYNs had
been issued and then returned an error.

I've got no issues with the on-link assumption as long as there are some smarts
behind it.  The least we could do is use a running interface.

-vlad