lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-Id: <1447010471-559-2-git-send-email-phil@nwl.cc>
Date:	Sun,  8 Nov 2015 20:21:06 +0100
From:	Phil Sutter <phil@....cc>
To:	Stephen Hemminger <shemming@...cade.com>
Cc:	netdev@...r.kernel.org
Subject: [iproute PATCH 1/6] ipaddress: make flush command more error-tolerant

The core issue here is that with promote_secondaries sysctl setting
being turned off, removing the primary address implicitly removes all
secondaries as well. Iproute is aware of this and therefore tries to
remove all secondary addresses first to circumvent errors due to
removing non-existent addresses. But this works only if not too many IP
addresses are assigned to an interface, otherwise the RTM_GETADDR
response is split up into multiple buffers. In my test-case, flushing
more than 42 IPv4 addresses was sufficient to trigger an error:

Failed to send flush request: Cannot assign requested address

This patch fixes the issue by simply ignoring EADDRNOTAVAIL when
flushing.

Signed-off-by: Phil Sutter <phil@....cc>
---
 ip/ipaddress.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/ip/ipaddress.c b/ip/ipaddress.c
index f290205..75b3e27 100644
--- a/ip/ipaddress.c
+++ b/ip/ipaddress.c
@@ -893,7 +893,12 @@ int print_linkinfo(const struct sockaddr_nl *who,
 
 static int flush_update(void)
 {
-	if (rtnl_send_check(&rth, filter.flushb, filter.flushp) < 0) {
+	int rc = rtnl_send_check(&rth, filter.flushb, filter.flushp);
+
+	/* if promote_secondaries sysctl setting is off, removing the primary
+	 * address makes us try to remove non-existent secondaries. Since we're
+	 * flushing, this can be sanely ignored. */
+	if (rc < 0 && errno != EADDRNOTAVAIL) {
 		perror("Failed to send flush request");
 		return -1;
 	}
-- 
2.1.2

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ