Date:	Sun, 06 Sep 2015 13:46:39 -0700
From:	roopa <roopa@...ulusnetworks.com>
To:	nicolas.dichtel@...nd.com
CC:	davem@...emloft.net, Mazziesaccount@...il.com,
	hannes@...essinduktion.org, kuznet@....inr.ac.ru,
	jmorris@...ei.org, yoshfuji@...ux-ipv6.org, netdev@...r.kernel.org
Subject: Re: [PATCH net-next v2] ipv6: fix multipath route replace error recovery

On 9/4/15, 1:12 AM, Nicolas Dichtel wrote:
> Le 03/09/2015 01:44, Roopa Prabhu a écrit :
>> From: Roopa Prabhu <roopa@...ulusnetworks.com>
>>
>> Problem:
>> The ecmp route replace support for ipv6 in the kernel deletes the
>> existing ecmp route too early, i.e. when it installs the first nexthop.
>> If there is an error in installing the subsequent nexthops, it's too late
>> to recover the already deleted existing route.
>>
>> This patch fixes the problem with the following:
>> a) Changes the existing multipath route add code to a two stage process:
>>    build rt6_infos + insert them
>>     ip6_route_add rt6_info creation code is moved into
>>     ip6_route_info_create.
>> b) This ensures that all errors are caught during building rt6_infos
>>    and we fail early
>> c) Separates multipath add and del code. Because add needs the special
>>    two stage mode in a) and delete essentially does not care.
>> d) In any event if the code fails during inserting a route again, a
>>    warning is printed (This should be unlikely)
>>
>> Before the patch:
>> $ip -6 route show
>> 3000:1000:1000:1000::2 via fe80::202:ff:fe00:b dev swp49s0 metric 1024
>> 3000:1000:1000:1000::2 via fe80::202:ff:fe00:d dev swp49s1 metric 1024
>> 3000:1000:1000:1000::2 via fe80::202:ff:fe00:f dev swp49s2 metric 1024
>>
>> /* Try replacing the route with a duplicate nexthop */
>> $ip -6 route change 3000:1000:1000:1000::2/128 nexthop via
>> fe80::202:ff:fe00:b dev swp49s0 nexthop via fe80::202:ff:fe00:d dev
>> swp49s1 nexthop via fe80::202:ff:fe00:d dev swp49s1
>> RTNETLINK answers: File exists
>>
>> $ip -6 route show
>> /* previously added ecmp route 3000:1000:1000:1000::2 disappears from
>>   * kernel */
>>
>> After the patch:
>> $ip -6 route show
>> 3000:1000:1000:1000::2 via fe80::202:ff:fe00:b dev swp49s0 metric 1024
>> 3000:1000:1000:1000::2 via fe80::202:ff:fe00:d dev swp49s1 metric 1024
>> 3000:1000:1000:1000::2 via fe80::202:ff:fe00:f dev swp49s2 metric 1024
>>
>> /* Try replacing the route with a duplicate nexthop */
>> $ip -6 route change 3000:1000:1000:1000::2/128 nexthop via
>> fe80::202:ff:fe00:b dev swp49s0 nexthop via fe80::202:ff:fe00:d dev
>> swp49s1 nexthop via fe80::202:ff:fe00:d dev swp49s1
>> RTNETLINK answers: File exists
>>
>> $ip -6 route show
>> 3000:1000:1000:1000::2 via fe80::202:ff:fe00:b dev swp49s0 metric 1024
>> 3000:1000:1000:1000::2 via fe80::202:ff:fe00:d dev swp49s1 metric 1024
>> 3000:1000:1000:1000::2 via fe80::202:ff:fe00:f dev swp49s2 metric 1024
>>
>> Fixes: 4a287eba2de3 ("IPv6 routing, NLM_F_* flag support: REPLACE and EXCL flags support, warn about missing CREATE flag")
> ECMP was added one year after this patch. The right tag is:
> Fixes: 51ebd3181572 ("ipv6: add support of equal cost multipath (ECMP)")
I went back and looked again. It is a recent one 27596472473a ("ipv6: 
fix ECMP route replacement").

>
>> Signed-off-by: Roopa Prabhu <roopa@...ulusnetworks.com>
>> ---
>> v2 - fix a rt6_info leak in cleanup on error
>>
>> This bug is present in 4.1 kernel and 4.2 too.
>> Since 4.2 is out or almost out, I am submitting the patch against net-next.
>> I can respin against net if needed. I have tried to keep the changes local
>> to route.c closer to the netlink message handling. Most of the changes move
>> code into separate functions.
>>
>>   net/ipv6/route.c | 209 ++++++++++++++++++++++++++++++++++++++++++++++++-------
>>   1 file changed, 183 insertions(+), 26 deletions(-)
>>
>> diff --git a/net/ipv6/route.c b/net/ipv6/route.c
> [snip]
>> +static void ip6_print_replace_route_err(struct list_head *rt6_nh_list)
>> +{
>> +    struct rt6_nh *nh;
>> +    char *errstr = "IPV6: unexpected error replacing route";
> Generally, it's better to not break log. It eases grep.
> Something shorter may be enough: "ECMPv6", the log level already indicates
> that it's an error (which is always unexpected ;-)).

Correct. What I was really trying to say is 'replace failed but it
deleted already existing route'.
I have tried to reword it in v3. Posting soon.
>
>> +
>> +    list_for_each_entry(nh, rt6_nh_list, next) {
>> +        printk(KERN_WARNING "%s: %pI6 nexthop %pI6 ifi %d\n",
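
Review bot: The list_for_each_entry() loop in ip6_print_replace_route_err() emits one KERN_WARNING line per nexthop with no rate limiting, and the function is reached from the netlink route-replace path, so a rate-limited helper such as net_warn_ratelimited() would bound the log volume if the failure repeats. Separately, errstr points at a string literal and should be declared const char * (or static const char errstr[]) rather than char *.
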
> pr_warn() or pr_err()?

I will use pr_warn.
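
The ordering problem the quoted commit message describes, as an added example that is not part of the original message or the kernel patch: a toy user-space model comparing delete-then-insert with build-then-commit when the new nexthop list contains a duplicate. `struct route`, `nh_insert` and both replace functions are hypothetical names for illustration, not kernel code.

```c
#include <errno.h>
#include <string.h>
#define MAX_NH 8
/* Toy model of one ECMP route: a list of nexthop strings, not kernel structures. */
struct route { const char *nh[MAX_NH]; int n; };

/* Add one nexthop; a duplicate is rejected, like the EEXIST seen in the thread. */
static int nh_insert(struct route *r, const char *nh)
{
    for (int i = 0; i < r->n; i++)
        if (strcmp(r->nh[i], nh) == 0)
            return -EEXIST;
    if (r->n == MAX_NH)
        return -ENOSPC;
    r->nh[r->n++] = nh;
    return 0;
}

/* Early-delete order: the old route is dropped before the new set is known good. */
int replace_early_delete(struct route *r, const char **nh, int n)
{
    r->n = 0;                       /* existing nexthops are gone from here on */
    for (int i = 0; i < n; i++) {
        int err = nh_insert(r, nh[i]);
        if (err) {
            r->n = 0;               /* undo the partial install: no route left */
            return err;
        }
    }
    return 0;
}

/* Two-stage order: build and validate a staged copy, then commit in one step. */
int replace_two_stage(struct route *r, const char **nh, int n)
{
    struct route staged = { .n = 0 };
    for (int i = 0; i < n; i++) {
        int err = nh_insert(&staged, nh[i]);
        if (err)
            return err;             /* fail early; the live route is untouched */
    }
    *r = staged;                    /* reached only when every nexthop was built */
    return 0;
}
int main(void)
{
    const char *bad[] = { "b", "d", "d" };      /* constructed duplicate nexthop */
    struct route r = { { "b", "d", "f" }, 3 };  /* constructed existing route */
    return (replace_two_stage(&r, bad, 3) == -EEXIST && r.n == 3) ? 0 : 1;
}
```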

