lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20160712135559.GB15034@orbyte.nwl.cc>
Date:	Tue, 12 Jul 2016 15:55:59 +0200
From:	Phil Sutter <phil@....cc>
To:	Xin Long <lucien.xin@...il.com>
Cc:	network dev <netdev@...r.kernel.org>, stephen@...workplumber.org
Subject: Re: [PATCH iproute2] ip route: restore route entries in correct order

On Tue, Jul 12, 2016 at 09:37:58PM +0800, Xin Long wrote:
> Sometimes we cannot restore route entries, because in kernel
>   [1] fib_check_nh()
>   [2] fib_valid_prefsrc()
> cause some routes to depend on existence of others while adding.
> 
> For example, we saved all the routes, and flushed all tables
>   [a] default via 192.168.122.1 dev eth0
>   [b] 192.168.122.0/24 dev eth0 src 192.168.122.21
>   [c] broadcast 127.0.0.0 dev lo table local src 127.0.0.1
>   [d] local 127.0.0.0/8 dev lo table local  src 127.0.0.1
>   [e] local 127.0.0.1 dev lo table local src 127.0.0.1
>   [f] broadcast 127.255.255.255 dev lo table local src 127.0.0.1
>   [g] broadcast 192.168.122.0 dev eth0 table local src 192.168.122.21
>   [h] local 192.168.122.21 dev eth0 table local src 192.168.122.21
>   [i] broadcast 192.168.122.255 dev eth0 table local src 192.168.122.21
> 
>   Now start to restore them:
>     If we want to add [a], we have to add [b] first, as [1] and
>     'via 192.168.122.1' in [a].
>     If we want to add [b], we have to add [h] first, as [2] and
>     'src 192.168.122.21' in [b].
> 
>   So the correct order to restore should be like:
>     [e][h] -> [b][c][d][f][g][i] -> [a]
> 
> This patch fixes it by traversing the file 3 times, it only restores
> part of them in each run according to the following conditions, to
> make sure every entry can be restored successfully.
>   1. !gw && (!fib_prefsrc || fib_prefsrc == cfg->fc_dst)
>   2. !gw && (fib_prefsrc != cfg->fc_dst)
>   3. gw
> 
> Signed-off-by: Xin Long <lucien.xin@...il.com>

Acked-by: Phil Sutter <phil@....cc>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ