Message-ID: <20090223143830.GA23244@csclub.uwaterloo.ca>
Date:	Mon, 23 Feb 2009 09:38:30 -0500
From:	lsorense@...lub.uwaterloo.ca (Lennart Sorensen)
To:	David Miller <davem@...emloft.net>
Cc:	homecreate@...t.ru, netdev@...r.kernel.org
Subject: Re: Why linux keeps connected routes when link goes down

On Fri, Feb 20, 2009 at 12:15:08PM -0800, David Miller wrote:
> This is not necessarily true.
> 
> The subnet might be reachable by one of the other interfaces.
> Just the same as someone might be able to reach the down
> interface's IP address via another one of our interfaces.

If you assign IPs for the same subnet to two different interfaces in
linux, the results are not particularly useful.  The route contains
the interface associated with the creation of the route, and since
it doesn't go away even if you had the same route for two interfaces,
it will never use the second one.

> The route is tied to the IP address, and the route is therefore
> created and destroyed alongside the IP address.

That's how it works now.  It wasn't how it worked in linux a long
time ago.  Long ago you had to create the route yourself in userspace
(which was actually to some extent better than the current setup).
The current method is simpler to understand for your typical user though.

> As long as the IP address is active and associated with the
> system, so is the route.

Exactly, and that's the problem when trying to be a router.  You still
want to be able to reach the system through any of the IPs assigned
to it, and you would prefer to still be able to reach any networks
through alternate routes if they exist.  The way linux, BSD and other
unix systems behave is counterproductive to routing, and hence not the
way real router OSs work.

Fortunately patching some sense into the linux kernel isn't very hard.

-- 
Len Sorensen