Message-ID: <20150205155158.1b6a9782@urahara>
Date:	Thu, 5 Feb 2015 15:51:58 -0800
From:	Stephen Hemminger <shemming@...cade.com>
To:	Steve Biggs <sbiggs@...cade.com>
CC:	"netdev@...r.kernel.org" <netdev@...r.kernel.org>
Subject: Re: gre interfaces copied to new namespace

On Thu, 5 Feb 2015 15:37:33 -0800
Steve Biggs <sbiggs@...cade.com> wrote:

> (My first post to this list. I forgot to change my settings and I sent the previous version of this post using HTML mail. Terribly sorry if this caused anybody any problems; won't happen again... it may be that it never got to the list at all?)
> 
> I am going under the assumption that a newly created network namespace should have the loopback (lo) device as its only contents, with it being an error to have any other already existing interfaces in the default namespace also copied in. If this assumption is wrong, please advise and then if so, sorry for the noise.
> 
> I was able to reproduce this on a vanilla Debian Wheezy installation with the following sequence of commands. Debian Wheezy is running an older kernel version, so this is a long-standing issue. I am also able to reproduce this on a 3.14.y based kernel.
> 
> # ip netns list
> # ip a
> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default 
>     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
>     inet 127.0.0.1/8 scope host lo
>        valid_lft forever preferred_lft forever
>     inet6 ::1/128 scope host 
>        valid_lft forever preferred_lft forever
> # modprobe ip_gre
> # ip a
> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default 
>     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
>     inet 127.0.0.1/8 scope host lo
>        valid_lft forever preferred_lft forever
>     inet6 ::1/128 scope host 
>        valid_lft forever preferred_lft forever
> 12: gre0@...E: <NOARP> mtu 1476 qdisc noop state DOWN group default 
>     link/gre 0.0.0.0 brd 0.0.0.0
> 13: gretap0@...E: <BROADCAST,MULTICAST> mtu 1462 qdisc noop state DOWN group default qlen 1000
>     link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
> # ip netns add foo
> # ip netns list
> foo
> # ip netns exec foo ip a
> 1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN group default 
>     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
> 2: gre0@...E: <NOARP> mtu 1476 qdisc noop state DOWN group default 
>     link/gre 0.0.0.0 brd 0.0.0.0
> 3: gretap0@...E: <BROADCAST,MULTICAST> mtu 1462 qdisc noop state DOWN group default qlen 1000
>     link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
> # rmmod ip_gre
> # ip netns exec foo ip a
> 1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN group default 
>     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
> # ip netns del foo
> # ip netns list
> #
> 

gre0 and friends are old weird legacy leftovers. They should be copied.
They are the tunnel of last resort for packets that match no defined tunnel.
Nothing should be using them directly.
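
Added example, not part of the original messages: a shell check that sorts the interfaces listed for a new namespace into loopback, fallback tunnel devices such as gre0 and gretap0, and anything else, so only the last group is flagged when auditing namespace isolation. The device names beyond gre0 and gretap0, the function names, and the sample output (including veth9) are assumptions constructed for this illustration.

```shell
#!/bin/sh
# Fallback ("tunnel of last resort") device names. gre0 and gretap0 come from
# the thread; the others are assumed here as the fallback devices of other
# in-tree tunnel modules (erspan, ipip, sit, ip6_tunnel, ip6_gre, vti).
FALLBACK_DEVS="gre0 gretap0 erspan0 tunl0 sit0 ip6tnl0 ip6gre0 ip_vti0 ip6_vti0"

# Read `ip a` or `ip link` output on stdin; print "<name> <class>" per interface.
classify_ifaces() {
    awk -v fb="$FALLBACK_DEVS" '
        BEGIN { n = split(fb, a, " "); for (i = 1; i <= n; i++) known[a[i]] = 1 }
        /^[0-9]+: / {
            name = $2
            sub(/:$/, "", name)      # drop the trailing colon
            sub(/@.*$/, "", name)    # drop the "@<lower device>" suffix
            if (name == "lo")        cls = "loopback"
            else if (name in known)  cls = "fallback-tunnel"
            else                     cls = "unexpected"
            print name, cls
        }'
}

# Succeeds only if stdin lists nothing beyond lo and fallback tunnel devices.
namespace_is_clean() {
    ! classify_ifaces | grep -q ' unexpected$'
}

# Constructed sample modelled on the `ip netns exec foo ip a` output above,
# with one extra veth added to show the case that should be flagged.
SAMPLE_NS='1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN group default
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: gre0@NONE: <NOARP> mtu 1476 qdisc noop state DOWN group default
    link/gre 0.0.0.0 brd 0.0.0.0
3: gretap0@NONE: <BROADCAST,MULTICAST> mtu 1462 qdisc noop state DOWN group default qlen 1000
    link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
4: veth9@if7: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether 02:00:00:00:00:01 brd ff:ff:ff:ff:ff:ff'

printf '%s\n' "$SAMPLE_NS" | classify_ifaces
```

On a live system the same functions can be fed from `ip netns exec foo ip a`.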