lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <alpine.LFD.2.00.1105282138520.1434@ja.ssi.bg>
Date:	Sat, 28 May 2011 22:10:56 +0300 (EEST)
From:	Julian Anastasov <ja@....bg>
To:	Victor Mataré <matare@....rwth-aachen.de>
cc:	David Miller <davem@...emloft.net>, akpm@...ux-foundation.org,
	netdev@...r.kernel.org, bugzilla-daemon@...zilla.kernel.org,
	bugme-daemon@...zilla.kernel.org
Subject: Re: [Bugme-new] [Bug 35862] New: arp requests from wrong src IP


	Hello,

On Sat, 28 May 2011, Victor Mataré wrote:

> ok - starting situation was 2 IPs: 137.226.164.13/24 (eth0) and 192.168.23.13/24 (eth0:0)
> then I did "ifconfig eth0 137.226.164.2 netmask 255.255.255.0"
> I'm not exactly sure what happened then, but the result was that "ip addr show dev eth0" showed that eth0 still had the old IP address, while ifconfig didn't. Ifconfig was misbehaving in some kind of way, that's why I checked the situation with the ip tool. Then I used ip to configure everything as intended and now I have the situation described in this bug. Note that the server has been in productive use for a week now despite of that.
> 
> > 
> > - output of 'ip route list table local' after IPs are changed and
> > before starting arping
> 
> broadcast 127.255.255.255 dev lo  proto kernel  scope link  src 127.0.0.1 
> broadcast 192.168.23.0 dev eth0  proto kernel  scope link  src 192.168.23.2 
> local 192.168.23.2 dev eth0  proto kernel  scope host  src 192.168.23.2 
> local 137.226.164.2 dev eth0  proto kernel  scope host  src 137.226.164.2 
> local 137.226.164.13 dev eth0  proto kernel  scope host  src 137.226.164.13 
> broadcast 192.168.23.255 dev eth0  proto kernel  scope link  src 192.168.23.2 
> broadcast 137.226.164.255 dev eth0  proto kernel  scope link  src 137.226.164.2 
> broadcast 137.226.164.255 dev eth0  proto kernel  scope link  src 192.168.23.2 
> broadcast 127.0.0.0 dev lo  proto kernel  scope link  src 127.0.0.1 
> local 127.0.0.1 dev lo  proto kernel  scope host  src 127.0.0.1 
> local 127.0.0.0/8 dev lo  proto kernel  scope host  src 127.0.0.1 
> 
> I guess that entry "local 137.226.164.13" shouldn't be there? But shouldn't that be removed automatically when I delete the IP from eth0?

	Yes, this problem looks like what we fixed recently:

http://marc.info/?l=linux-netdev&m=129848300922970&w=2
http://marc.info/?l=linux-netdev&m=130048961407666&w=2
http://marc.info/?l=linux-netdev&m=130057251901164&w=2

	It can happen only when you add 137.226.164.13 many
times with different subnet mask at the same time,
eg. /32 and /24.

	To understand what really happens for your setup
we should try commands that reproduce the problem, eg.
on some unused device such as eth1 or dummy0. The first
link has such test script as example. Leaving such routes
should be reproducible.

Regards

--
Julian Anastasov <ja@....bg>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ