| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 8 Aug 2013 14:45:40 -0400 From: Debabrata Banerjee <dbavatar@...il.com> To: Jiri Pirko <jiri@...nulli.us>, mleitner@...hat.com, "davem@...emloft.net" <davem@...emloft.net> Cc: "netdev@...r.kernel.org" <netdev@...r.kernel.org>, Alexey Kuznetsov <kuznet@....inr.ac.ru>, "jmorris@...ei.org" <jmorris@...ei.org>, "yoshfuji@...ux-ipv6.org" <yoshfuji@...ux-ipv6.org>, Patrick McHardy <kaber@...sh.net>, "Banerjee, Debabrata" <dbanerje@...mai.com>, Joshua Hunt <johunt@...mai.com> Subject: Re: [patch net] ipv6: do not create neighbor entries for local delivery On Wed, Jan 30, 2013 at 3:26 AM, Jiri Pirko <jiri@...nulli.us> wrote: > From: Marcelo Ricardo Leitner <mleitner@...hat.com> > > They will be created at output, if ever needed. This avoids creating > empty neighbor entries when TPROXYing/Forwarding packets for addresses > that are not even directly reachable. > > Note that IPv4 already handles it this way. No neighbor entries are > created for local input. > > Tested by myself and customer. > > Signed-off-by: Jiri Pirko <jiri@...nulli.us> > Signed-off-by: Marcelo Ricardo Leitner <mleitner@...hat.com> > --- > net/ipv6/route.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/net/ipv6/route.c b/net/ipv6/route.c > index e229a3b..363d8b7 100644 > --- a/net/ipv6/route.c > +++ b/net/ipv6/route.c > @@ -928,7 +928,7 @@ restart: > dst_hold(&rt->dst); > read_unlock_bh(&table->tb6_lock); > > - if (!rt->n && !(rt->rt6i_flags & RTF_NONEXTHOP)) > + if (!rt->n && !(rt->rt6i_flags & (RTF_NONEXTHOP | RTF_LOCAL))) > nrt = rt6_alloc_cow(rt, &fl6->daddr, &fl6->saddr); > else if (!(rt->dst.flags & DST_HOST)) > nrt = rt6_alloc_clone(rt, &fl6->daddr); I'm not sure this patch is doing the right thing. It seems to break IPv6 loopback functionality, it is no longer equivalent to IPv4, as stated above. It doesn't just stop neighbor creation but it stops cached route creation. Seems like a scary change for a stable tree. See below: $ ip -4 route show local local 127.0.0.0/8 dev lo proto kernel scope host src 127.0.0.1 This local route enables us to use the whole loopback network, any address inside 127.0.0.0/8 will work. $ ping -c1 127.0.0.9 PING 127.0.0.9 (127.0.0.9) 56(84) bytes of data. 64 bytes from 127.0.0.9: icmp_seq=1 ttl=64 time=0.012 ms --- 127.0.0.9 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.012/0.012/0.012/0.000 ms This also used to work equivalently for IPv6 local loopback routes: $ ip -6 route add local 2001:::/64 dev lo $ ping6 -c1 2001::9 PING 2001::9(2001::9) 56 data bytes 64 bytes from 2001::9: icmp_seq=1 ttl=64 time=0.010 ms --- 2001::9 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.010/0.010/0.010/0.000 ms However with this patch, this is very broken: $ ip -6 route add local 2001::/64 dev lo $ ping6 -c1 2001::9 PING 2001::9(2001::9) 56 data bytes ping: sendmsg: Invalid argument --- 2001::9 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms Thanks, Debabrata -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists