Open Source and information security mailing list archives
 
Date:	Mon, 8 Sep 2014 01:34:43 -0700
From:	Alex Gartrell <agartrell@...com>
To:	<davem@...emloft.net>
CC:	<edumazet@...gle.com>, <netdev@...r.kernel.org>,
	<kernel-team@...com>, <ps@...com>, Alex Gartrell <agartrell@...com>
Subject: [RFC PATCH net-next] ip6: Do not expire uncached routes for mtu invalidation

This patch does two things: first, it won't introduce RTF_EXPIRES to
rt6i_flags unless it already exists or RTF_CACHE is set; second, in
ip_pol_route, we'll check for expiration without the RTF_EXPIRES bit, and,
if it's set, zero out the pmtu so that we'll fall back to the device mtu.

This fixes an issue where we were deleting local, uncached dst routes.
This would result in packets being rejected after mtu expiration.

Here's a repro of the problem.

  ip addr add dev lo face::1/128
  grep ^face0000000000000000000000000001 /proc/net/ipv6_route
  # The flags do not have RTF_MODIFIED | RTF_EXPIRED

  ipvsadm -A -t 8.8.8.8:15213 # service not supported on first try
  ipvsadm -A -t [face::1]:15213 -s rr > /dev/null
  ipvsadm -a -t [face::1]:15213 -r 2401:db00:20:7017:face:0:13:0 --ipip > /dev/null

  timeout 3 nc face::1 15213

  grep ^face0000000000000000000000000001 /proc/net/ipv6_route
  # The flags will not include RTF_MODIFIED | RTF_EXPIRED

Signed-off-by: Alex Gartrell <agartrell@...com>
---
 include/net/ip6_fib.h |  3 ++-
 net/ipv6/route.c      | 13 ++++++++++++-
 2 files changed, 14 insertions(+), 2 deletions(-)

diff --git a/include/net/ip6_fib.h b/include/net/ip6_fib.h
index 9bcb220..2f0d4d0 100644
--- a/include/net/ip6_fib.h
+++ b/include/net/ip6_fib.h
@@ -184,7 +184,8 @@ static inline void rt6_update_expires(struct rt6_info *rt0, int timeout)
 		rt0->dst.expires = rt->dst.expires;
 
 	dst_set_expires(&rt0->dst, timeout);
-	rt0->rt6i_flags |= RTF_EXPIRES;
+	if (rt0->rt6i_flags & (RTF_CACHE | RTF_EXPIRES))
+		rt0->rt6i_flags |= RTF_EXPIRES;
 }
 
 static inline void rt6_set_from(struct rt6_info *rt, struct rt6_info *from)
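Review bot: In rt6_update_expires(), dst_set_expires(&rt0->dst, timeout) is still called unconditionally while RTF_EXPIRES is now set only when RTF_CACHE or RTF_EXPIRES is already present, so an uncached route can end up with dst.expires populated and the flag clear. That new state is not documented anywhere in this hunk. Please add a comment above the new `if` stating that for such routes dst.expires tracks only the PMTU lifetime, so that other readers of dst.expires do not treat it as the route's own expiry.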
diff --git a/net/ipv6/route.c b/net/ipv6/route.c
index f74b041..a509a06 100644
--- a/net/ipv6/route.c
+++ b/net/ipv6/route.c
@@ -947,8 +947,19 @@ restart:
 		nrt = rt6_alloc_cow(rt, &fl6->daddr, &fl6->saddr);
 	else if (!(rt->dst.flags & DST_HOST))
 		nrt = rt6_alloc_clone(rt, &fl6->daddr);
-	else
+	else {
+		if (!(rt->rt6i_flags & RTF_EXPIRES) && rt->dst.expires &&
+		    time_after(jiffies, rt->dst.expires)) {
+			/* Uncached routes may have expires set if we
+			 * intend to expire the MTU but not the dest
+			 * itself.  In that case, we should reset the mtu
+			 * before handing it back */
+			dst_metric_set(&rt->dst, RTAX_MTU, 0);
+			rt6_clean_expires(rt);
+			rt->rt6i_flags &= ~RTF_MODIFIED;
+		}
 		goto out2;
+	}
 
 	ip6_rt_put(rt);
 	rt = nrt ? : net->ipv6.ip6_null_entry;
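Review bot: The new else branch writes to rt on the lookup path (dst_metric_set(), rt6_clean_expires() and clearing RTF_MODIFIED), and nothing visible in this hunk shows what serializes those writes when several lookups hit the same uncached host route after expiry; please state in the comment or the changelog which lock covers this, or why the race is harmless. The changelog also mentions only zeroing the pmtu, so the clearing of RTF_MODIFIED and the call to rt6_clean_expires() should be described there too. Style point: the block comment should end with the closing `*/` on its own line.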
-- 
1.8.1
