Date:   Sun, 31 Dec 2017 18:14:54 +0200
From:   Ido Schimmel <idosch@...lanox.com>
To:     netdev@...r.kernel.org
Cc:     davem@...emloft.net, dsahern@...il.com, roopa@...ulusnetworks.com,
        nicolas.dichtel@...nd.com, mlxsw@...lanox.com,
        Ido Schimmel <idosch@...lanox.com>
Subject: [RFC PATCH net-next 00/19] ipv6: Align nexthop behaviour with IPv4

This set tries to eliminate some differences between IPv4's and IPv6's
treatment of nexthops. These differences are most likely a side effect
of IPv6's data structures (specifically 'rt6_info') that incorporate
both the route and the nexthop and the late addition of ECMP support in
commit 51ebd3181572 ("ipv6: add support of equal cost multipath
(ECMP)").

When a netdev is unregistered, IPv4 flushes all the routes using the
netdev as their nexthop device. This includes multipath routes. In IPv6,
sibling routes in a multipath route are unaffected.

In addition, a netdev that is put administratively down causes IPv4 to
mark all the nexthops using it as 'dead'. A route is only flushed when
all of its nexthops are dead. IPv6 on the other hand simply flushes all
the routes using the netdev as their nexthop device. This includes
sibling routes in a multipath route.

These differences stem from the fact that the IPv6 code evaluates routes
without taking into consideration the state of their siblings in a
multipath route. This makes it difficult to introduce features such as
non-equal-cost multipath that are built on top of this set [1].

The first 12 patches introduce non-functional changes that store the
RTNH_F_DEAD and RTNH_F_LINKDOWN flags in IPv6 routes based on netdev
events, in a similar fashion to IPv4. This allows us to remove the
carrier check performed during route lookup and dump.

The next four patches finally eliminate the above-mentioned differences.
First, by flushing all the sibling routes when a nexthop device in a
sibling route is unregistered. Then, by only flushing a multipath route
when all of its nexthops are dead.

The last three patches add test cases for IPv4/IPv6 FIB. These verify that
both address families react similarly to netdev events.

1. https://github.com/idosch/linux/tree/ipv6-nexthops

Ido Schimmel (19):
  ipv6: Remove redundant route flushing during namespace dismantle
  ipv6: Mark dead nexthops with appropriate flags
  ipv6: Clear nexthop flags upon netdev up
  ipv6: Prepare to handle multiple netdev events
  ipv6: Set nexthop flags upon carrier change
  ipv6: Set nexthop flags during route creation
  ipv6: Check nexthop flags during route lookup instead of carrier
  ipv6: Check nexthop flags in route dump instead of carrier
  ipv6: Ignore dead routes during lookup
  ipv6: Report dead flag during route dump
  ipv6: Add explicit flush indication to routes
  ipv6: Teach tree walker to skip multipath routes
  ipv6: Flush all sibling routes upon NETDEV_UNREGISTER
  ipv6: Export sernum update function
  ipv6: Take table lock outside of sernum update function
  ipv6: Flush multipath routes when all siblings are dead
  selftests: fib_tests: Add test cases for IPv4/IPv6 FIB
  selftests: fib_tests: Add test cases for netdev down
  selftests: fib_tests: Add test cases for netdev carrier change

 include/net/ip6_fib.h                    |   4 +-
 include/net/ip6_route.h                  |   3 +
 net/ipv6/addrconf.c                      |   9 +-
 net/ipv6/ip6_fib.c                       |  28 +-
 net/ipv6/route.c                         | 189 ++++++++++++--
 tools/testing/selftests/net/Makefile     |   1 +
 tools/testing/selftests/net/fib_tests.sh | 428 +++++++++++++++++++++++++++++++
 7 files changed, 622 insertions(+), 40 deletions(-)
 create mode 100755 tools/testing/selftests/net/fib_tests.sh

-- 
2.14.3
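
A user-space model of the target semantics the cover letter above describes (nexthops marked dead on admin-down, a multipath route flushed only when all of its nexthops are dead, all siblings flushed on unregister), added here as an illustration and not code from the patch set or the kernel. The struct, enum and function names are hypothetical, and treating carrier loss as setting only RTNH_F_LINKDOWN without flushing is an assumption of this model.

```c
#include <stdbool.h>
#include <stddef.h>

/* Flag values as defined in include/uapi/linux/rtnetlink.h */
#define RTNH_F_DEAD     1
#define RTNH_F_LINKDOWN 16

/* Hypothetical event names for this model (not the kernel's notifier constants). */
enum nh_event { EV_DOWN, EV_UP, EV_CARRIER_OFF, EV_CARRIER_ON, EV_UNREGISTER };

struct nexthop { int ifindex; unsigned int flags; };
struct mp_route { struct nexthop nh[4]; size_t n; bool flushed; };

/* Apply one netdev event to a multipath route.
 * Returns true when the whole route (all siblings) must be flushed. */
bool route_handle_event(struct mp_route *rt, int ifindex, enum nh_event ev)
{
    size_t dead = 0;

    for (size_t i = 0; i < rt->n; i++) {
        struct nexthop *nh = &rt->nh[i];

        if (nh->ifindex == ifindex) {
            switch (ev) {
            case EV_UNREGISTER:   /* device is gone: flush every sibling */
                rt->flushed = true;
                return true;
            case EV_DOWN:        nh->flags |= RTNH_F_DEAD;      break;
            case EV_UP:          nh->flags &= ~RTNH_F_DEAD;     break;
            case EV_CARRIER_OFF: nh->flags |= RTNH_F_LINKDOWN;  break; /* model assumption */
            case EV_CARRIER_ON:  nh->flags &= ~RTNH_F_LINKDOWN; break;
            }
        }
        if (nh->flags & RTNH_F_DEAD)
            dead++;
    }
    /* Admin-down flushes the route only once no live nexthop is left. */
    if (rt->n > 0 && dead == rt->n)
        rt->flushed = true;
    return rt->flushed;
}

/* Number of nexthops not marked dead; zero once the route is flushed. */
size_t route_live_nexthops(const struct mp_route *rt)
{
    size_t live = 0;

    for (size_t i = 0; i < rt->n; i++)
        if (!(rt->nh[i].flags & RTNH_F_DEAD))
            live++;
    return rt->flushed ? 0 : live;
}
```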
