lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-Id: <20140916.145435.714034191389495557.davem@davemloft.net>
Date:	Tue, 16 Sep 2014 14:54:35 -0400 (EDT)
From:	David Miller <davem@...emloft.net>
To:	nicolas.cavallari@...en-communications.fr
Cc:	netdev@...r.kernel.org, kuznet@....inr.ac.ru, jmorris@...ei.org,
	yoshfuji@...ux-ipv6.org, kaber@...sh.net
Subject: Re: [PATCHv2] ipv4: Do not cache routing failures due to disabled
 forwarding.

From: Nicolas Cavallari <nicolas.cavallari@...en-communications.fr>
Date: Mon, 15 Sep 2014 12:28:13 +0200

> If we cache them, the kernel will reuse them, independently of
> whether forwarding is enabled or not.  Which means that if forwarding is
> disabled on the input interface where the first routing request comes
> from, then that unreachable result will be cached and reused for
> other interfaces, even if forwarding is enabled on them.
> 
> This can be verified with two interfaces A and B and an output interface
> C, where B has forwarding enabled, but not A and trying
> ip route get $dst iif A from $src && ip route get $dst iif B from $src
> 
> Signed-off-by: Nicolas Cavallari <nicolas.cavallari@...en-communications.fr>
> ---
> v2: simplify patch using julian anastasov's suggestion.

This also disables caching for the cases of a simple fib lookup failure.

Handle cached route invalidation the way it's meant to be, by bumping
the rt_genid.

diff --git a/net/ipv4/devinet.c b/net/ipv4/devinet.c
index 214882e..aa4e63c 100644
--- a/net/ipv4/devinet.c
+++ b/net/ipv4/devinet.c
@@ -1965,6 +1965,8 @@ static void inet_forward_change(struct net *net)
 		}
 		rcu_read_unlock();
 	}
+
+	rt_cache_flush(net);
 }
 
 static int devinet_conf_ifindex(struct net *net, struct ipv4_devconf *cnf)
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ