| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 12 Sep 2012 13:53:13 -0700
From: Maciej Żenczykowski <zenczykowski@...il.com>
To: Eric Dumazet <eric.dumazet@...il.com>
Cc: David Miller <davem@...emloft.net>,
netdev <netdev@...r.kernel.org>,
Lorenzo Colitti <lorenzo@...gle.com>,
Tom Herbert <therbert@...gle.com>
Subject: Re: [PATCH net-next 1/2] ipv6: force RTF_NONEXTHOP for SIT device
On Wed, Sep 12, 2012 at 5:01 AM, Eric Dumazet <eric.dumazet@...il.com> wrote:
> From: Eric Dumazet <edumazet@...gle.com>
>
> We have special handling of SIT devices in addrconf_prefix_route()
> to avoid using a neighbour for each destination.
>
> If routing entry is :
>
> ip -6 route add 2001:db8::/64 dev sit1
>
> Then the kernel will create a new route for every new address
> under 2001:db8::/64 that we send a packet to (potentially, 2^64
> routes).
>
> Under load, we immediately get the infamous "Neighbour table overflow"
> message and machine eventually crash.
>
> This does not happen if we specify a next-hop explicitly, like so:
>
> ip -6 route add 2001:db8::/64 via fe80:: dev sit1
>
> We can avoid this hassle doing the SIT test in ip6_route_add() instead
> of addrconf_prefix_route().
>
> This permits ip6_pol_route() to clone route instead of calling
> rt6_alloc_cow() and allocate a neighbour
>
> Reported-by: Lorenzo Colitti <lorenzo@...gle.com>
> Signed-off-by: Eric Dumazet <edumazet@...gle.com>
> Cc: Maciej Żenczykowski <maze@...gle.com>
> Cc: Tom Herbert <therbert@...gle.com>
> ---
> net/ipv6/addrconf.c | 10 ----------
> net/ipv6/route.c | 9 +++++++++
> 2 files changed, 9 insertions(+), 10 deletions(-)
>
> diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
> index 1237d5d..c6837d2 100644
> --- a/net/ipv6/addrconf.c
> +++ b/net/ipv6/addrconf.c
> @@ -1679,16 +1679,6 @@ addrconf_prefix_route(struct in6_addr *pfx, int plen, struct net_device *dev,
> };
>
> cfg.fc_dst = *pfx;
> -
> - /* Prevent useless cloning on PtP SIT.
> - This thing is done here expecting that the whole
> - class of non-broadcast devices need not cloning.
> - */
> -#if defined(CONFIG_IPV6_SIT) || defined(CONFIG_IPV6_SIT_MODULE)
> - if (dev->type == ARPHRD_SIT && (dev->flags & IFF_POINTOPOINT))
> - cfg.fc_flags |= RTF_NONEXTHOP;
> -#endif
> -
> ip6_route_add(&cfg);
> }
>
> diff --git a/net/ipv6/route.c b/net/ipv6/route.c
> index 399613b..d4ba3fc 100644
> --- a/net/ipv6/route.c
> +++ b/net/ipv6/route.c
> @@ -1540,6 +1540,15 @@ int ip6_route_add(struct fib6_config *cfg)
> } else
> rt->rt6i_prefsrc.plen = 0;
>
> + /* Prevent useless cloning on PtP SIT.
> + * This thing is done here expecting that the whole
> + * class of non-broadcast devices need not cloning.
> + */
> +#if defined(CONFIG_IPV6_SIT) || defined(CONFIG_IPV6_SIT_MODULE)
> + if (dev && dev->type == ARPHRD_SIT && (dev->flags & IFF_POINTOPOINT))
> + cfg->fc_flags |= RTF_NONEXTHOP;
> +#endif
> +
> if (cfg->fc_flags & (RTF_GATEWAY | RTF_NONEXTHOP)) {
> err = rt6_bind_neighbour(rt, dev);
> if (err)
>
>
Acked-by: Maciej Żenczykowski <maze@...gle.com>
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists