| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 16 Sep 2014 21:52:22 +0200 From: Nicolas Cavallari <nicolas.cavallari@...en-communications.fr> To: David Miller <davem@...emloft.net> CC: netdev@...r.kernel.org, kuznet@....inr.ac.ru, jmorris@...ei.org, yoshfuji@...ux-ipv6.org, kaber@...sh.net Subject: Re: [PATCHv2] ipv4: Do not cache routing failures due to disabled forwarding. On 16/09/2014 20:54, David Miller wrote: > From: Nicolas Cavallari <nicolas.cavallari@...en-communications.fr> > Date: Mon, 15 Sep 2014 12:28:13 +0200 > >> If we cache them, the kernel will reuse them, independently of >> whether forwarding is enabled or not. Which means that if forwarding is >> disabled on the input interface where the first routing request comes >> from, then that unreachable result will be cached and reused for >> other interfaces, even if forwarding is enabled on them. >> >> This can be verified with two interfaces A and B and an output interface >> C, where B has forwarding enabled, but not A and trying >> ip route get $dst iif A from $src && ip route get $dst iif B from $src >> >> Signed-off-by: Nicolas Cavallari <nicolas.cavallari@...en-communications.fr> >> --- >> v2: simplify patch using julian anastasov's suggestion. > > This also disables caching for the cases of a simple fib lookup failure. Caching is already not done on a fib lookup failure. On which fib_info would you cache anyway ? res.fi is already NULL in this case. > Handle cached route invalidation the way it's meant to be, by bumping > the rt_genid. > > diff --git a/net/ipv4/devinet.c b/net/ipv4/devinet.c > index 214882e..aa4e63c 100644 > --- a/net/ipv4/devinet.c > +++ b/net/ipv4/devinet.c > @@ -1965,6 +1965,8 @@ static void inet_forward_change(struct net *net) > } > rcu_read_unlock(); > } > + > + rt_cache_flush(net); > } > > static int devinet_conf_ifindex(struct net *net, struct ipv4_devconf *cnf) This doesn't solve the problem. Flushing the cache only changes how the bug manifests: ip route flush cache ip route get 10.0.0.1 from 10.0.0.2 iif A # unreachable (because forwarding on A is disabled). This is cached. ip route get 10.0.0.1 from 10.0.0.2 iif B # unreachable (at first fib_lookup finds it reachable and forwarding on B is enabled. And then there is a valid cache entry, which is reused blindly even if it says "unreachable"). ip route flush cache ip route get 10.0.0.1 from 10.0.0.2 iif B # reachable (because forwarding on B is enabled). This is cached ip route get 10.0.0.1 from 10.0.0.2 iif A # reachable (forwarding on A is disabled, so it is unreachable initially. But there is a valid cache entry, which says "reachable", which is reused) -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists