lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list] 
Message-Id: <91F83ACD-AA02-4A10-B6B0-9545B7EEC324@inf-net.nl>
Date:	Thu, 7 Nov 2013 16:51:40 -0800
From:	Teco Boot <teco@...-net.nl>
To:	netdev@...r.kernel.org
Subject: IPv6 subtrees bug report: source prefix cached, should be source address only 

For IPv6 source address dependent routing, FIB lookup is based on longest match destination address and as second step longest match source address. Results are stored in the cache. The cache entry has a *source prefix* stored, this should be a *source address*.

Below a test script and results. Two tests are performed, each on same routing table. Second test is same as first one, but lookups are in reverse order. Outcome of the test differs, this is wrong.

Suggested solution: do not store source prefix in route cache, but store the source address. Site effect would be increased cache size, but this is necessary. 

Teco


teco@...ntu:~$ sudo ./ipv6-sadr.sh 
===> This is my system:
Linux ubuntu 3.11.0-12-generic #19-Ubuntu SMP Wed Oct 9 16:12:00 UTC 2013 i686 i686 i686 GNU/Linux
CONFIG_IPV6_SUBTREES=y
... clean up for our experiment
... add a link-local
... add some source address specific defaults
====> Now I have this routing table
2001:db8:3::/48 from 2001:db8:2:99::/64 via fe80::99 dev eth0  metric 1024 
2001:db8:3::/48 from 2001:db8:2::/48 via fe80::20 dev eth0  metric 1024 
2001:db8:3:3::/64 from 2001:db8:1::/48 via fe80::10 dev eth0  metric 1024 
fe80::1 dev eth0  proto kernel  metric 256 
====> Create cache entries, longest match first, result looks OK2001:db8:3:3::1 from 2001:db8:2:99::1 via fe80::99 dev eth0  src ::1  metric 0 \    cache 
2001:db8:3:3::1 from 2001:db8:2::1 via fe80::20 dev eth0  src ::1  metric 0 \    cache 
===> Now the route cache has two entries
===>
2001:db8:3:3::1 from 2001:db8:2:99::/64 via fe80::99 dev eth0  metric 0 \    cache 
2001:db8:3:3::1 from 2001:db8:2::/48 via fe80::20 dev eth0  metric 0 \    cache 
===>
... clean up for our experiment
... add a link-local
... add some source address specific defaults
====> Now I have this routing table
2001:db8:3::/48 from 2001:db8:2:99::/64 via fe80::99 dev eth0  metric 1024 
2001:db8:3::/48 from 2001:db8:2::/48 via fe80::20 dev eth0  metric 1024 
2001:db8:3:3::/64 from 2001:db8:1::/48 via fe80::10 dev eth0  metric 1024 
fe80::1 dev eth0  proto kernel  metric 256 
====> Create cache entries, longest match later on, result looks OK2001:db8:3:3::1 from 2001:db8:2::1 via fe80::20 dev eth0  src ::1  metric 0 \    cache 
2001:db8:3:3::1 from 2001:db8:2:99::1 via fe80::20 dev eth0  src ::1  metric 0 \    cache 
===> Now the route cache has only one entry
===>
2001:db8:3:3::1 from 2001:db8:2::/48 via fe80::20 dev eth0  metric 0 \    cache 
===>
... clean up for our experiment
... add a link-local



teco@...ntu:~$ cat ipv6-sadr.sh 
#!/bin/bash

function ShowSystem {
 echo "===> This is my system:" 
 uname -a
 grep IPV6_SUBTREES /boot/config-`uname -r`
}

function ClearRouting {
 echo "... clean up for our experiment"
 ip -6 address flush dev eth0
 ip -6 route flush table all
 echo "... add a link-local"
 ip address add fe80::1 dev eth0
}

function SetupRouting {
 echo "... add some source address specific defaults"
 # from draft-baker-ipv6-ospf-dst-src-routing-03
 # 1.  2001:db8:1::/48 -> 2001:db8:3:3::/64
 ip -6 route add 2001:db8:3:3::/64 from 2001:db8:1::/48 via fe80::10 dev eth0
 # 2.  2001:db8:2::/48 -> 2001:db8:3::/48
 ip -6 route add 2001:db8:3::/48 from 2001:db8:2::/48 via fe80::20 dev eth0
 # add another route, for hitting wrong cache entry
 ip -6 route add 2001:db8:3::/48 from 2001:db8:2:99::/64 via fe80::99 dev eth0
 echo "====> Now I have this routing table"
 ip -6 -o route show table main
}

ShowSystem
ClearRouting
SetupRouting

echo -n "====> Create cache entries, longest match first, result looks OK"
ip -6 -o route get 2001:db8:3:3::1  from 2001:db8:2:99::1
ip -6 -o route get 2001:db8:3:3::1  from 2001:db8:2::1
echo "===> Now the route cache has two entries"
echo "===>"
ip -6 -o route show cache
echo "===>"

ClearRouting
SetupRouting

echo -n "====> Create cache entries, longest match later on, result looks OK"
ip -6 -o route get 2001:db8:3:3::1  from 2001:db8:2::1
ip -6 -o route get 2001:db8:3:3::1  from 2001:db8:2:99::1
echo "===> Now the route cache has only one entry"
echo "===>"
ip -6 -o route show cache
echo "===>"

ClearRouting

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ