| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <1410165283-29337-1-git-send-email-agartrell@fb.com>
Date: Mon, 8 Sep 2014 01:34:43 -0700
From: Alex Gartrell <agartrell@...com>
To: <davem@...emloft.net>
CC: <edumazet@...gle.com>, <netdev@...r.kernel.org>,
<kernel-team@...com>, <ps@...com>, Alex Gartrell <agartrell@...com>
Subject: [RFC PATCH net-next] ip6: Do not expire uncached routes for mtu invalidation
This patch does two things: first it won't introduced RTF_EXPIRES to
rt6i_flags unless it already exists or RTF_CACHE is set; second, in
ip_pol_route, we'll check for expiration without the RTF_EXPIRES bit, and,
if it's set, zero out the pmtu so that we'll fall back to the device mtu.
This fixes an issue where we were deleting local, uncached dst routes.
This would result in packets being rejected after mtu expiration.
Here's a repro of the problem.
ip addr add dev lo face::1/128
grep ^face0000000000000000000000000001 /proc/net/ipv6_route
# The flags do not have RTF_MODIFIED | RTF_EXPIRED
ipvsadm -A -t 8.8.8.8:15213 # service not supported on first try
ipvsadm -A -t [face::1]:15213 -s rr > /dev/null
ipvsadm -a -t [face::1]:15213 -r 2401:db00:20:7017:face:0:13:0 --ipip > /dev/null
timeout 3 nc face::1 15213
grep ^face0000000000000000000000000001 /proc/net/ipv6_route
# The flags will not include RTF_MODIFIED | RTF_EXPIRED
Signed-off-by: Alex Gartrell <agartrell@...com>
---
include/net/ip6_fib.h | 3 ++-
net/ipv6/route.c | 13 ++++++++++++-
2 files changed, 14 insertions(+), 2 deletions(-)
diff --git a/include/net/ip6_fib.h b/include/net/ip6_fib.h
index 9bcb220..2f0d4d0 100644
--- a/include/net/ip6_fib.h
+++ b/include/net/ip6_fib.h
@@ -184,7 +184,8 @@ static inline void rt6_update_expires(struct rt6_info *rt0, int timeout)
rt0->dst.expires = rt->dst.expires;
dst_set_expires(&rt0->dst, timeout);
- rt0->rt6i_flags |= RTF_EXPIRES;
+ if (rt0->rt6i_flags & (RTF_CACHE | RTF_EXPIRES))
+ rt0->rt6i_flags |= RTF_EXPIRES;
}
static inline void rt6_set_from(struct rt6_info *rt, struct rt6_info *from)
diff --git a/net/ipv6/route.c b/net/ipv6/route.c
index f74b041..a509a06 100644
--- a/net/ipv6/route.c
+++ b/net/ipv6/route.c
@@ -947,8 +947,19 @@ restart:
nrt = rt6_alloc_cow(rt, &fl6->daddr, &fl6->saddr);
else if (!(rt->dst.flags & DST_HOST))
nrt = rt6_alloc_clone(rt, &fl6->daddr);
- else
+ else {
+ if (!(rt->rt6i_flags & RTF_EXPIRES) && rt->dst.expires &&
+ time_after(jiffies, rt->dst.expires)) {
+ /* Uncached routes may have expires set if we
+ * intend to expire the MTU but not the dest
+ * itself. In that case, we should reset the mtu
+ * before handing it back */
+ dst_metric_set(&rt->dst, RTAX_MTU, 0);
+ rt6_clean_expires(rt);
+ rt->rt6i_flags &= ~RTF_MODIFIED;
+ }
goto out2;
+ }
ip6_rt_put(rt);
rt = nrt ? : net->ipv6.ip6_null_entry;
--
1.8.1
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists