lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Fri, 17 Jun 2016 09:42:49 +0300 (EEST) From: Julian Anastasov <ja@....bg> To: Quentin Armitage <quentin@...itage.org.uk> cc: Wensong Zhang <wensong@...ux-vs.org>, Simon Horman <horms@...ge.net.au>, Pablo Neira Ayuso <pablo@...filter.org>, Patrick McHardy <kaber@...sh.net>, Jozsef Kadlecsik <kadlec@...ckhole.kfki.hu>, "David S. Miller" <davem@...emloft.net>, netdev@...r.kernel.org, lvs-devel@...r.kernel.org, netfilter-devel@...r.kernel.org, coreteam@...filter.org, linux-kernel@...r.kernel.org Subject: Re: [PATCH v4 net] ipvs: fix bind to link-local mcast IPv6 address in backup Hello, On Thu, 16 Jun 2016, Quentin Armitage wrote: > When using HEAD from > https://git.kernel.org/cgit/utils/kernel/ipvsadm/ipvsadm.git/, > the command: > ipvsadm --start-daemon backup --mcast-interface eth0.60 \ > --mcast-group ff02::1:81 > fails with the error message: > Argument list too long > > whereas both: > ipvsadm --start-daemon master --mcast-interface eth0.60 \ > --mcast-group ff02::1:81 > and: > ipvsadm --start-daemon backup --mcast-interface eth0.60 \ > --mcast-group 224.0.0.81 > are successful. > > The error message "Argument list too long" isn't helpful. The error occurs > because an IPv6 address is given in backup mode. > > The error is in make_receive_sock() in net/netfilter/ipvs/ip_vs_sync.c, > since it fails to set the interface on the address or the socket before > calling inet6_bind() (via sock->ops->bind), where the test > 'if (!sk->sk_bound_dev_if)' failed. > > Setting sock->sk->sk_bound_dev_if on the socket before calling > inet6_bind() resolves the issue. > > Fixes: d33288172e72 ("ipvs: add more mcast parameters for the sync daemon") > Signed-off-by: Quentin Armitage <quentin@...itage.org.uk> Looks good to me, thanks! Acked-by: Julian Anastasov <ja@....bg> Simon, please apply to ipvs tree. Patch compiles also on stable 4.4.13, 4.5.7 and 4.6.2, so no need for special versions. The ack is also for the other 3 patches from v4 (for ipvs-next) but they depend on this patch. > --- > net/netfilter/ipvs/ip_vs_sync.c | 6 ++++-- > 1 files changed, 4 insertions(+), 2 deletions(-) > > diff --git a/net/netfilter/ipvs/ip_vs_sync.c b/net/netfilter/ipvs/ip_vs_sync.c > index 803001a..1b07578 100644 > --- a/net/netfilter/ipvs/ip_vs_sync.c > +++ b/net/netfilter/ipvs/ip_vs_sync.c > @@ -1545,7 +1545,8 @@ error: > /* > * Set up receiving multicast socket over UDP > */ > -static struct socket *make_receive_sock(struct netns_ipvs *ipvs, int id) > +static struct socket *make_receive_sock(struct netns_ipvs *ipvs, int id, > + int ifindex) > { > /* multicast addr */ > union ipvs_sockaddr mcast_addr; > @@ -1566,6 +1567,7 @@ static struct socket *make_receive_sock(struct netns_ipvs *ipvs, int id) > set_sock_size(sock->sk, 0, result); > > get_mcast_sockaddr(&mcast_addr, &salen, &ipvs->bcfg, id); > + sock->sk->sk_bound_dev_if = ifindex; > result = sock->ops->bind(sock, (struct sockaddr *)&mcast_addr, salen); > if (result < 0) { > pr_err("Error binding to the multicast addr\n"); > @@ -1868,7 +1870,7 @@ int start_sync_thread(struct netns_ipvs *ipvs, struct ipvs_sync_daemon_cfg *c, > if (state == IP_VS_STATE_MASTER) > sock = make_send_sock(ipvs, id); > else > - sock = make_receive_sock(ipvs, id); > + sock = make_receive_sock(ipvs, id, dev->ifindex); > if (IS_ERR(sock)) { > result = PTR_ERR(sock); > goto outtinfo; > -- > 1.7.7.6 Regards -- Julian Anastasov <ja@....bg>
Powered by blists - more mailing lists