Open Source and information security mailing list archives
 
Date:	Thu, 24 Jan 2013 10:11:39 +0000 (UTC)
From:	Axel Neumann <neumann@...s.de>
To:	netdev@...r.kernel.org
Subject: Re: [PATCH net-next] ipv6: fix handling of throw routes

Hi

Nicolas Dichtel <nicolas.dichtel <at> 6wind.com> writes:

> 
> On 07/09/2012 20:18, David Miller wrote:
> > From: Nicolas Dichtel <nicolas.dichtel <at> 6wind.com>
> > Date: Thu,  6 Sep 2012 11:53:35 -0400
> >
> >> It's the same problem that previous fix about blackhole and prohibit routes.
> >>
> >> When adding a throw route, it was handled like a classic route.
> >> Moreover, it was only possible to add this kind of routes by specifying
> >> an interface.
> >>
> >> Before the patch:
> >>    $ ip route add throw 2001::2/128
> >>    RTNETLINK answers: No such device
> >>    $ ip route add throw 2001::2/128 dev eth0
> >>    $ ip -6 route | grep 2001::2
> >>    2001::2 dev eth0  metric 1024
> >>
> >> After:
> >>    $ ip route add throw 2001::2/128
> >>    $ ip -6 route | grep 2001::2
> >>    throw 2001::2 dev lo  metric 1024  error -11
> >>
> >> Reported-by: Markus Stenberg <markus.stenberg <at> iki.fi>
> >> Signed-off-by: Nicolas Dichtel <nicolas.dichtel <at> 6wind.com>
> >
> > Applied, thanks.


Although 'ip -6 route show' now reports a "throw" instead of an "unreachable"
route, the behavior of a configured IPv6 "throw" route still seems incorrect and
similar to that of an "unreachable" route!


I've tested with kernel 3.7.4 which includes this patch:
http://git.kernel.org/?p=linux/kernel/git/davem/net-next.git;a=commitdiff;h=ef2c7d7b59708d54213c7556a82d14de9a7e4475

An example scenario using a dedicated routing table (IMHO the main use case for
throw routes) is given below...

greetings
/axel



The following scenario shows an example:
computer 1001 and 1002 connected via ethernet eth2
computer 1002 has 1001:2::2/64 on eth2


Now at computer 1001:

root@...1001:~# ping6 1001:2::2 -c 1
connect: Network is unreachable

root@...1001:~# ip a add 1001:2::1/64 dev eth2

root@...1001:~# ip -6 rule add from all lookup 10 pref 1000

root@...1001:~# ip -6 rule    
0:      from all lookup local 
1000:   from all lookup 10 
32766:  from all lookup main 

root@...1001:~# ip -6 route list table 10

root@...1001:~# ping6 1001:2::2 -c 1
PING 1001:2::2(1001:2::2) 56 data bytes
64 bytes from 1001:2::2: icmp_seq=1 ttl=64 time=0.263 ms
--- 1001:2::2 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.263/0.263/0.263/0.000 ms

root@...1001:~# ip -6 route add throw 1001:2::/64 table 10

root@...1001:~# ip -6 route list table 10
throw 1001:2::/64 dev lo  metric 1024  error -11

root@...1001:~# ping6 1001:2::2 -c 1
connect: Resource temporarily unavailable


# Although the destination lookup should only be thrown for table 10
# and continue on the main table where a valid local route exists
# it fails. For remote throw routes the error says something like:
# From 1001:2::2 icmp_seq=1 Destination unreachable: No route
# Removing the throw route again it works again...


root@...1001:~# ip -6 r
1001:2::/64 dev eth2  proto kernel  metric 256 
fe80::/64 dev eth0  proto kernel  metric 256 
fe80::/64 dev eth1  proto kernel  metric 256 
fe80::/64 dev eth2  proto kernel  metric 256 

root@...1001:~# ip -6 route del throw 1001:2::/64 table 10

root@...1001:~# ping6 1001:2::2 -c 1
PING 1001:2::2(1001:2::2) 56 data bytes
64 bytes from 1001:2::2: icmp_seq=1 ttl=64 time=0.264 ms
--- 1001:2::2 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.264/0.264/0.264/0.000 ms

root@...1001:~# ip -6 r
1001:2::2 via 1001:2::2 dev eth2  metric 0 
    cache 
1001:2::/64 dev eth2  proto kernel  metric 256 
fe80::/64 dev eth0  proto kernel  metric 256 
fe80::/64 dev eth1  proto kernel  metric 256 
fe80::/64 dev eth2  proto kernel  metric 256 
root@...1001:~# 
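
The lookup order the message above expects, next to the behaviour it reports, as an added example that is not part of the original post and is not kernel code. It models the three rules and the contents of table 10 and main from the session; the names `lookup`, `best_match` and `throw_continues` are hypothetical.

```python
import errno
import ipaddress

# Constructed model of the tables and rules shown in the session (not kernel code).
TABLES = {
    "local": [],
    "10": [("1001:2::/64", "throw", None)],
    "main": [("1001:2::/64", "unicast", "eth2")],
}
RULES = [(0, "local"), (1000, "10"), (32766, "main")]  # (pref, table)


def best_match(table, dst):
    """Longest-prefix match within a single table; None when nothing matches."""
    addr = ipaddress.ip_address(dst)
    hits = [r for r in table if addr in ipaddress.ip_network(r[0])]
    return max(hits, key=lambda r: ipaddress.ip_network(r[0]).prefixlen, default=None)


def lookup(dst, throw_continues=True, tables=TABLES, rules=RULES):
    """Walk the rules in preference order and return (result, device_or_errno).

    throw_continues=True : expected semantics, a throw match ends the lookup in
                           that table only and the next rule is tried.
    throw_continues=False: the behaviour reported in the post, where the throw
                           match ends the whole lookup with EAGAIN (error -11).
    """
    for _pref, name in sorted(rules):
        route = best_match(tables[name], dst)
        if route is None:
            continue  # no match in this table, fall through to the next rule
        _prefix, rtype, dev = route
        if rtype == "throw":
            if throw_continues:
                continue
            return ("error", errno.EAGAIN)
        return ("unicast", dev)
    return ("error", errno.ENETUNREACH)  # no rule produced a route


if __name__ == "__main__":
    print("expected:", lookup("1001:2::2"))
    print("reported:", lookup("1001:2::2", throw_continues=False))
```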


