| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 29 Jun 2010 08:10:43 -0700 From: Ben Greear <greearb@...delatech.com> To: David Miller <davem@...emloft.net> CC: greearb@...il.com, netdev@...r.kernel.org Subject: Re: [iproute2] iproute2: Allow 'ip addr flush' to loop more than 10 times. On 06/28/2010 11:36 PM, David Miller wrote: > From: Ben Greear<greearb@...delatech.com> > Date: Mon, 28 Jun 2010 23:27:39 -0700 > >> I'm not sure I understand how this loop could have run forever >> anyway, unless some other process(es) was constantly adding >> addresses at the same time? Or maybe some ipv6 auto config thing? >> >> It appears there is already code to detect when the loop >> is done (flushing ~70 IPv4 addresses with -l 0 was one of my >> test cases, and worked as expected). > > What happens is that we are simply limited by how many addresses > we can delete in one go, and that limit is 4096 bytes of netlink > message size. > > So we have to iterate, reusing that buffer each time, to get them all > done. > > The limit exists because meanwhile it is possible that some other > entity could add addresses and thus cause us to loop forever and > never actually delete all of the addresses because every time we > delete a bunch the other entity adds more. > > I can understand the reasoning behind the limit, because if this is > run by something automated it's not like someone is at the command > line and hit Ctrl-C to break out of a looping instance. > > But practically speaking I bet this never happens. > > So what makes sense to me is: > > 1) Loop forever by default. > > 2) When the number of loops exceeds a threshold (calculated by the > number of addresses we see the first dump, divided by the number > of deletes we can squeeze into the 4096 byte message), we emit > a warning. > > 3) A hard limit, off by default, it available via your "-l" new option. > > But seriously we can determine forward progress quite easily I think. > > Each loop, we see if the dump returns a smaller number of addresses > than the last iteration. If so, we just keep going. > > If the number of addresses increases, I think we can bail in this > case. > > This logic would only ever trigger iff another entity is adding a > large number of addresses simultaneously with our flush. And frankly > speaking the person doing the flush probably doesn't expect that to be > happening. You're flushing all of the addresses so you can start with > a clean slate and then add specific addresses back, or whatever. If I understand your proposal properly, this would seem to be somewhat O(N^2) if we have large numbers of addresses, and I'm hoping to support thousands of IPs with decent performance. What do you think about improving the kernel side so that we can send a single netlink msg to delete all addresses on an interface, and just let the kernel do the looping/locking needed to make it happen? Thanks, Ben -- Ben Greear <greearb@...delatech.com> Candela Technologies Inc http://www.candelatech.com -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists