Message-ID: <cdbabcfe-83d8-5cf2-d100-1a0e0071385e@gmail.com>
Date:   Thu, 11 Jan 2018 06:55:56 -0700
From:   David Ahern <dsahern@...il.com>
To:     Lorenzo Colitti <lorenzo@...gle.com>, netdev@...r.kernel.org
Cc:     davem@...emloft.net, rami.rosen@...el.com,
        nikolay@...ulusnetworks.com, roopa@...ulusnetworks.com
Subject: Re: [PATCH net] net: ipv4: Make "ip route get" match iif lo rules
 again.

On 1/11/18 2:36 AM, Lorenzo Colitti wrote:
> Commit 3765d35ed8b9 ("net: ipv4: Convert inet_rtm_getroute to rcu
> versions of route lookup") broke "ip route get" in the presence
> of rules that specify iif lo.
> 
> Host-originated traffic always has iif lo, because
> ip_route_output_key_hash and ip6_route_output_flags set the flow
> iif to LOOPBACK_IFINDEX. Thus, putting "iif lo" in an ip rule is a
> convenient way to select only originated traffic and not forwarded
> traffic.
> 
> inet_rtm_getroute used to match these rules correctly because
> even though it sets the flow iif to 0, it called
> ip_route_output_key which overwrites iif with LOOPBACK_IFINDEX.
> But now that it calls ip_route_output_key_hash_rcu, the ifindex
> will remain 0 and not match the iif lo in the rule. As a result,
> "ip route get" will return ENETUNREACH.
> 
> Fixes: 3765d35ed8b9 ("net: ipv4: Convert inet_rtm_getroute to rcu versions of route lookup")
> Tested: https://android.googlesource.com/kernel/tests/+/master/net/test/multinetwork_test.py passes again
> Signed-off-by: Lorenzo Colitti <lorenzo@...gle.com>
> ---
>  net/ipv4/route.c | 1 +
>  1 file changed, 1 insertion(+)
> 

Missed that. Thanks for fixing.

Acked-by: David Ahern <dsahern@...il.com>
