Message-ID: <1321391355.2602.0.camel@edumazet-laptop>
Date:	Tue, 15 Nov 2011 22:09:15 +0100
From:	Eric Dumazet <eric.dumazet@...il.com>
To:	Ivan Zahariev <famzah@...soft.com>
Cc:	netdev@...r.kernel.org
Subject: Re: Unable to flush ICMP redirect routes in kernel 3.0+

On Tuesday, 15 November 2011 at 22:23 +0200, Ivan Zahariev wrote:
> Hello,
> 
> We have changed nothing in our network infrastructure but only upgraded 
> from Linux kernel 2.6.36.2 to 3.0.3. Here is the problem we are 
> experiencing:
> 
> ICMP redirected routes are cached forever, and they can be cleared only 
> by a reboot.
> 
> Here is an example:
> 
> root@...hine5:~# ip route get 1.1.1.1
> 1.1.1.1 via 9.0.0.1 dev eth0  src 5.5.5.5
>      cache <redirected>  ipid 0xfb5d rtt 1475ms rttvar 450ms cwnd 10
> 
> root@...hine5:~# ip route list cache match 1.1.1.1
> 1.1.1.1 tos lowdelay via 9.0.0.1 dev eth0  src 5.5.5.5
>      cache <redirected>  ipid 0xfb5d rtt 1475ms rttvar 450ms cwnd 10
> 1.1.1.1 via 9.0.0.1 dev eth0  src 5.5.5.5
>      cache <redirected>  ipid 0xfb5d rtt 1475ms rttvar 450ms cwnd 10
> ...(two more entries, all go via 9.0.0.1)...
> 
> 1.1.1.1 is the test destination address
> 5.5.5.5 is the source IP address of "machine5" via dev eth0, the only 
> interface besides "lo"
> 9.0.0.1 is the incorrect gateway which we were redirected to; we want to 
> change the route to 9.0.0.8
> 
> I found no way to clear this route. What I tried:
> 
> root@...hine5:~# ip route flush cache ### CACHE FLUSH ###
> root@...hine5:~# ip route list cache match 1.1.1.1 # empty
> 
> root@...hine5:~# ip route flush cache ### CACHE FLUSH ###
> root@...hine5:~# echo 1 > /proc/sys/net/ipv4/route/flush
> root@...hine5:~# ip route list cache match 1.1.1.1 # empty
> 
> root@...hine5:~# ip route get 1.1.1.1 # magically re-inserts the 
> <redirected> route, tcpdump sees NO ICMP traffic
> 1.1.1.1 via 9.0.0.1 dev eth0  src 5.5.5.5
>      cache <redirected>  ipid 0xfb5d rtt 1475ms rttvar 450ms cwnd 10
> 
> I also tried to force a scheduled route flush:
> 
> root@...hine5:~# echo 1 > /proc/sys/net/ipv4/route/gc_timeout
> root@...hine5:~# echo 1 > /proc/sys/net/ipv4/route/gc_interval
> 
> A reboot fixed it all.
> 
> This may be related to the "Several major changes to our routing 
> infrastructure" (https://lkml.org/lkml/2011/3/16/384).
> Other users are reporting the same problem:
> * https://plus.google.com/u/0/117161704068825702652/posts/1UK1Rp4KA4J
> * http://lists.debian.org/debian-kernel/2011/10/msg00633.html
> Other similar issues:
> * http://www.spinics.net/lists/netdev/msg176966.html
> * http://forums.gentoo.org/viewtopic-t-901024-start-0.html
> 
> This has been occurring on a few KVM guest machines and also on a 
> regular Linux machine, so it's not KVM related.
> 
> Is this a bug, or is it me who's missing something?
> 

It is a bug, and as such could you provide the needed information for us to
reproduce it?

What is your network setup?
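
Added example, not part of the thread and not code from the kernel or iproute2: a small shell check that reads `ip route list cache` output in the format quoted in the report and lists every cached entry carrying the <redirected> flag, so a host can be audited for gateways installed by ICMP redirects. The function names and the 8.8.8.8 sample entry are assumptions made for illustration.

```shell
# Added example: report cached routes that carry the <redirected> flag.
# Assumed input format: the `ip route list cache` output quoted in the report,
# i.e. a route line followed by an indented "cache ..." flag line.

# Sample input: the two entries from the report plus one constructed
# entry (8.8.8.8) that was not installed by a redirect.
sample_cache_output() {
cat <<'EOF'
1.1.1.1 tos lowdelay via 9.0.0.1 dev eth0  src 5.5.5.5
     cache <redirected>  ipid 0xfb5d rtt 1475ms rttvar 450ms cwnd 10
1.1.1.1 via 9.0.0.1 dev eth0  src 5.5.5.5
     cache <redirected>  ipid 0xfb5d rtt 1475ms rttvar 450ms cwnd 10
8.8.8.8 via 9.0.0.8 dev eth0  src 5.5.5.5
     cache  ipid 0x1234
EOF
}

# Print "destination gateway" once for every entry flagged <redirected>.
redirected_routes() {
    awk '
        $1 == "cache" {                  # flag line for the route line above
            key = dest " " gw
            if (index($0, "<redirected>") && !(key in seen)) {
                seen[key] = 1
                print key
            }
            next
        }
        NF {                             # route line: remember dest and gateway
            dest = $1; gw = "-"
            for (i = 2; i < NF; i++) if ($i == "via") gw = $(i + 1)
        }
    '
}

# Return 0 if every redirected entry uses the expected gateway ($1);
# otherwise print the entries that point elsewhere and return 1.
check_redirects() {
    expected=$1
    bad=$(redirected_routes | awk -v gw="$expected" '$2 != gw')
    [ -z "$bad" ] && return 0
    printf '%s\n' "$bad"
    return 1
}

# Live use (assumption: run as root on a kernel that still has the route cache):
#   ip route list cache | check_redirects 9.0.0.8
```

On the sample, `sample_cache_output | check_redirects 9.0.0.8` prints `1.1.1.1 9.0.0.1` and returns 1, matching the stale gateway described in the report.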


