lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20150128121026.GM13046@secunet.com>
Date:	Wed, 28 Jan 2015 13:10:28 +0100
From:	Steffen Klassert <steffen.klassert@...unet.com>
To:	Yang Yingliang <yangyingliang@...wei.com>
CC:	netdev <netdev@...r.kernel.org>,
	"David S. Miller" <davem@...emloft.net>
Subject: Re: A problem about ICMP packet-too-big message handler

On Tue, Jan 27, 2015 at 08:58:53PM +0800, Yang Yingliang wrote:
> Hi,
> 
> My kernel is 3.10 LTS.
> 
> I got a problem here about handling ICMP packet-too-big message.
> 
> Before sending a packet-too-big packet :
> 
> # ip -6 route list table local
> local ::1 dev lo  metric 0 
> local fe80:: dev lo  metric 0 
> local fe80:: dev lo  metric 0 
> local fe80:: dev lo  metric 0 
> local fe80:: dev lo  metric 0 
> local fe80:: dev lo  metric 0 
> local fe80:: dev lo  metric 0 
> local fe80::1 dev lo  metric 0 	//It  does not have expire value
> local fe80::200:ff:fe00:0 dev lo  metric 0 
> local fe80::200:ff:fe00:0 dev lo  metric 0 
> local fe80::200:ff:fe00:0 dev lo  metric 0 
> local fe80::200:ff:fe00:0 dev lo  metric 0 
> local fe80::200:ff:fe00:2 dev lo  metric 0 
> local fe80::5054:ff:fe12:3456 dev lo  metric 0
> 
> 
> After sending a packet-too-big packet
> 
> ip -6 route list table local
> local ::1 dev lo  metric 0 
> local fe80:: dev lo  metric 0 
> local fe80:: dev lo  metric 0 
> local fe80:: dev lo  metric 0 
> local fe80:: dev lo  metric 0 
> local fe80:: dev lo  metric 0 
> local fe80:: dev lo  metric 0 
> local fe80::1 dev lo  metric 0  expires _597_  //It has expire value

Is this route still present after the expiration time is elapsed?

> local fe80::200:ff:fe00:0 dev lo  metric 0 
> local fe80::200:ff:fe00:0 dev lo  metric 0 
> local fe80::200:ff:fe00:0 dev lo  metric 0 
> local fe80::200:ff:fe00:0 dev lo  metric 0 
> local fe80::200:ff:fe00:2 dev lo  metric 0 
> local fe80::5054:ff:fe12:3456 dev lo  metric 0
> 
> When time is up, I can't ping fe80::1 .
> Is it ok or a bug ?

This looks pretty similar to a bug I discovered recently.
In my case, a ipv6 host route dissapeared 10 minutes after
a PMTU event. As a result, this host was not reachable
anymore.

This happens because we don't clone host routes before
we use them. If a PMTU event happens, the original route
is marked with an expire value. After the expiration time
is elapsed, the original route is deleted and we loose
conectivity to the host.

I'm currently testing patches to fix this. With these
patches the ipv6 host routes are cloned if they are
gateway routes, i.e. if PMTU events can happen.

I fear it will not fix your case because PMTU events are
not expected to happen at local fe80 routes. But you could
change patch 1 to unconditionally clone the routes, if
you want to check if this is your problem.

I'll sent the fixes marked as RFC in reply to this mail.

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ