Date:	Thu, 5 May 2016 08:50:15 -0600
From:	David Ahern <dsa@...ulusnetworks.com>
To:	Julian Anastasov <ja@....bg>
Cc:	netdev@...r.kernel.org
Subject: Re: [PATCH net-next 03/13] net: l3mdev: Allow send on enslaved
 interface

On 5/5/16 1:40 AM, Julian Anastasov wrote:
>> diff --git a/net/ipv4/route.c b/net/ipv4/route.c
>> index 8c8c655bb2c4..a1f2830d8110 100644
>> --- a/net/ipv4/route.c
>> +++ b/net/ipv4/route.c
>> @@ -2146,6 +2146,7 @@ struct rtable *__ip_route_output_key_hash(struct net *net, struct flowi4 *fl4,
>>   	unsigned int flags = 0;
>>   	struct fib_result res;
>>   	struct rtable *rth;
>> +	int master_idx;
>>   	int orig_oif;
>>   	int err = -ENETUNREACH;
>>
>> @@ -2155,6 +2156,9 @@ struct rtable *__ip_route_output_key_hash(struct net *net, struct flowi4 *fl4,
>>
>>   	orig_oif = fl4->flowi4_oif;
>>
>> +	master_idx = l3mdev_master_ifindex_by_index(net, fl4->flowi4_oif);
>> +	if (master_idx)
>> +		fl4->flowi4_oif = master_idx;
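
Review bot: the assignment `fl4->flowi4_oif = master_idx;` rewrites the caller's flow key in place right after `orig_oif` has captured the original value, and nothing in the visible lines says why or whether the field is restored before return. A short comment above the `l3mdev_master_ifindex_by_index()` call, stating that the oif is switched to the master device for the lookup and which of `orig_oif` and `flowi4_oif` later code should treat as the egress device, would make the intent reviewable. The helper is also called unconditionally, including when `fl4->flowi4_oif` is 0; consider guarding it with `if (fl4->flowi4_oif)` unless the helper already short-circuits that case.
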
>
> 	Changing the flowi4_oif at this point can have
> bad effects. I remember a recent commit for __mkroute_output
> where the route caching is disabled if traffic is redirected
> to loopback. I think, such change can affect the route
> caching, for example, now we use nexthop on master_idx to
> cache routes for orig_oif. Such problems with the caching
> in the past always caused lookups to return wrong cached result
> for other users. But these are only my fears, I don't know
> the actual result of this change. Maybe you are trying to
> change flowi4_oif at one place instead of every caller.

Yes. VRFs require the oif to be the master index so that the FIB rules 
direct the lookup to the proper table. Without it we get the wrong result.
