lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-Id: <20180702.203844.186407000526604117.davem@davemloft.net>
Date:   Mon, 02 Jul 2018 20:38:44 +0900 (KST)
From:   David Miller <davem@...emloft.net>
To:     liuhangbin@...il.com
Cc:     netdev@...r.kernel.org, sbrivio@...hat.com, pabeni@...hat.com,
        maheshb@...gle.com, xiyou.wangcong@...il.com, sd@...asysnail.net
Subject: Re: [PATCHv2 net] ipvlan: call dev_change_flags when ipvlan mode
 is reset

From: Hangbin Liu <liuhangbin@...il.com>
Date: Sun,  1 Jul 2018 16:21:21 +0800

> After we change the ipvlan mode from l3 to l2, or vice versa, we only
> reset IFF_NOARP flag, but don't flush the ARP table cache, which will
> cause eth->h_dest to be equal to eth->h_source in ipvlan_xmit_mode_l2().
> Then the message will not come out of host.
> 
> Here is the reproducer on local host:
> 
> ip link set eth1 up
> ip addr add 192.168.1.1/24 dev eth1
> ip link add link eth1 ipvlan1 type ipvlan mode l3
> 
> ip netns add net1
> ip link set ipvlan1 netns net1
> ip netns exec net1 ip link set ipvlan1 up
> ip netns exec net1 ip addr add 192.168.2.1/24 dev ipvlan1
> 
> ip route add 192.168.2.0/24 via 192.168.1.2
> ping 192.168.2.2 -c 2
> 
> ip netns exec net1 ip link set ipvlan1 type ipvlan mode l2
> ping 192.168.2.2 -c 2
> 
> Add the same configuration on remote host. After we set the mode to l2,
> we could find that the src/dst MAC addresses are the same on eth1:
> 
> 21:26:06.648565 00:b7:13:ad:d3:05 > 00:b7:13:ad:d3:05, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 58356, offset 0, flags [DF], proto ICMP (1), length 84)
>     192.168.2.1 > 192.168.2.2: ICMP echo request, id 22686, seq 1, length 64
> 
> Fix this by calling dev_change_flags(), which will call netdevice notifier
> with flag change info.
> 
> v2:
> a) As pointed out by Wang Cong, check return value for dev_change_flags() when
> change dev flags.
> b) As suggested by Stefano and Sabrina, move flags setting before l3mdev_ops.
> So we don't need to redo ipvlan_{, un}register_nf_hook() again in err path.
> 
> Reported-by: Jianlin Shi <jishi@...hat.com>
> Reviewed-by: Stefano Brivio <sbrivio@...hat.com>
> Reviewed-by: Sabrina Dubroca <sd@...asysnail.net>
> Fixes: 2ad7bf3638411 ("ipvlan: Initial check-in of the IPVLAN driver.")
> Signed-off-by: Hangbin Liu <liuhangbin@...il.com>

Applied, thank you.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ