lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 16 May 2018 14:42:24 +0100
From:   Luca Boccassi <bluca@...ian.org>
To:     Serhey Popovych <serhe.popovych@...il.com>,
        Stephen Hemminger <stephen@...workplumber.org>
Cc:     Hans van Kranenburg <hans.van.kranenburg@...dix.com>,
        898840@...s.debian.org, netdev@...r.kernel.org
Subject: Re: [iproute2] Bug#898840: Latest update breaks ip6 default gateway
 cli api

On Wed, 2018-05-16 at 14:26 +0200, Hans van Kranenburg wrote:
> Package: iproute2
> Version: 4.16.0-2
> Severity: normal
> 
> Hi,
> 
> The last iproute2 update has a backwards incompatible change in
> setting
> IPv6 default routes, breaking existing configuration and scripts.
> 
> Previously, the following was possible, and now it requires an
> explicit
> -6 option to be added:
> 
> -# ip route add default via 2001:db8::1 dev eth0
> Error: inet address is expected rather than "2001:db8::1".
> 
> This works:
> -# ip -6 route add default via 2001:db8::1 dev eth0
> 
> I found out after having systems end up being unreachable after a
> reboot, because I have commands like these in network/interfaces.
> 
> I had a look at upstream changelogs, but I don't see any mention of
> this, and suspect it was not intentional. However, it's bad.

Hello Serhey and Stephen,

Hans reported a regression in v4.16.0, ip route now requires -6 to be
manually added when using v6 addresses while up to 4.15 it didn't, the
commands quoted show the problem.

Bisecting shows that the following commit from Serhey introduced the
problem:

93fa12418dc6f5943692250244be303bb162175b
utils: Always specify family and ->bytelen in get_prefix_1()

Could you please have a look when you have a moment? It's very easy to
reproduce, and it breaks existing scripts and so on.

Thanks!

-- 
Kind regards,
Luca Boccassi
Download attachment "signature.asc" of type "application/pgp-signature" (489 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ