Date:   Tue, 9 Apr 2019 17:08:09 -0700
From:   Govindarajulu Varadarajan <govind.varadar@...il.com>
To:     David Ahern <dsahern@...nel.org>
Cc:     davem@...emloft.net, netdev@...r.kernel.org, idosch@...lanox.com,
        jiri@...lanox.com, David Ahern <dsahern@...il.com>,
        govind.varadar@...il.com, benve@...co.com
Subject: Re: [PATCH v2 net-next 08/18] ipv4: Refactor fib_check_nh

On Fri, Apr 5, 2019 at 4:32 PM David Ahern <dsahern@...nel.org> wrote:
>
> From: David Ahern <dsahern@...il.com>
>
> fib_check_nh is currently huge covering multiple use cases - device only,
> device + gateway, and device + gateway with ONLINK. The next patch adds
> validation checks for IPv6 which only further complicates it. So, break
> fib_check_nh into 2 helpers - one for gateway validation and one for device
> only.
>
> Signed-off-by: David Ahern <dsahern@...il.com>
> Reviewed-by: Ido Schimmel <idosch@...lanox.com>

With the latest net-next I am having an issue with network traffic.
git bisect points to this commit as the first bad commit.
(448d7248191706cbbd7761e3bc72c2985c4d38a7 ipv4: Refactor fib_check_nh)

I do not understand this part of the kernel; from what I see, this patch
rejects the default route added by NetworkManager.
[gvaradar@...m5avmarch ~]$ sudo ip route add 192.168.0.0/24 via 0.0.0.0 dev bm0 proto kernel scope link src 192.168.0.1 metric 101
Error: Nexthop has invalid gateway.

Is this request valid or is this an issue with NetworkManager? This
used to work before,
[gvaradar@...m5avmarch linux]$ ip route
default via 10.193.164.254 dev e0 proto dhcp metric 100
10.193.164.0/24 via 0.0.0.0 dev e0 proto kernel scope link src 10.193.164.12 metric 100
192.168.0.0/24 via 0.0.0.0 dev bm0 proto kernel scope link src 192.168.0.1 metric 101

I do not know why NetworkManager is adding "via 0.0.0.0".
192.168.0.0/24 is a local subnet.

Either way, this seems to break the odd behavior of NetworkManager.

--
Govind

Network details:
[NOT WORKING]: HEAD of net-next
[gvaradar@...m5avmarch ~]$ ip -d a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 promiscuity 0 minmtu 0 maxmtu 0 numtxqueues 1 numrxqueues 1 gso_max_size 65536 gso_max_segs 65535
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: e0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 52:54:00:64:86:b6 brd ff:ff:ff:ff:ff:ff promiscuity 0 minmtu 68 maxmtu 65535 numtxqueues 1 numrxqueues 1 gso_max_size 65536 gso_max_segs 65535
    inet 10.193.164.12/24 brd 10.193.164.255 scope global dynamic noprefixroute e0
       valid_lft 21430sec preferred_lft 21430sec
    inet6 fe80::1f95:bfca:8e05:9448/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
3: bm0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:fc:ba:a2:9c:d5 brd ff:ff:ff:ff:ff:ff promiscuity 0 minmtu 68 maxmtu 9000 numtxqueues 8 numrxqueues 8 gso_max_size 65536 gso_max_segs 65535
    inet 192.168.0.1/24 brd 192.168.0.255 scope global noprefixroute bm0
       valid_lft forever preferred_lft forever
    inet6 fe80::5988:7d2:a671:6c7d/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
[gvaradar@...m5avmarch ~]$ ip route
[gvaradar@...m5avmarch ~]$ ping 192.168.0.2 -c2
connect: Network is unreachable
[gvaradar@...m5avmarch ~]$ sudo ip route add 192.168.0.0/24 dev bm0
[gvaradar@...m5avmarch ~]$ ip route
192.168.0.0/24 dev bm0 scope link
[gvaradar@...m5avmarch ~]$ ping 192.168.0.2 -c2
PING 192.168.0.2 (192.168.0.2) 56(84) bytes of data.
64 bytes from 192.168.0.2: icmp_seq=1 ttl=64 time=0.121 ms
64 bytes from 192.168.0.2: icmp_seq=2 ttl=64 time=0.065 ms
[gvaradar@...m5avmarch ~]$ sudo ip route add 192.168.0.0/24 via 0.0.0.0 dev bm0 proto kernel scope link src 192.168.0.1 metric 101
Error: Nexthop has invalid gateway.
[root@...m5avmarch ~]# systemctl stop NetworkManager
[root@...m5avmarch ~]# netctl start bm0
[root@...m5avmarch ~]# ip route
192.168.0.0/24 dev bm0 proto kernel scope link src 192.168.0.1
[root@...m5avmarch ~]# ping 192.168.0.2 -c2
PING 192.168.0.2 (192.168.0.2) 56(84) bytes of data.
64 bytes from 192.168.0.2: icmp_seq=1 ttl=64 time=0.184 ms
64 bytes from 192.168.0.2: icmp_seq=2 ttl=64 time=0.050 ms


[Working]: #First working commit
[gvaradar@...m5avmarch linux]$ git log -1
commit a4ea5d43c807be28545625c1e0641905022fa0d1 (HEAD, refs/bisect/good-a4ea5d43c807be28545625c1e0641905022fa0d1)
Author: David Ahern <dsahern@...il.com>
Date:   Fri Apr 5 16:30:30 2019 -0700

    ipv4: Add support to fib_config for IPv6 gateway

    Add support for an IPv6 gateway to fib_config. Since a gateway is either
    IPv4 or IPv6, make it a union with fc_gw4 where fc_gw_family decides
    which address is in use. Update current checks on family and gw4 to
    handle ipv6 as well.

    Signed-off-by: David Ahern <dsahern@...il.com>
    Reviewed-by: Ido Schimmel <idosch@...lanox.com>
    Signed-off-by: David S. Miller <davem@...emloft.net>

[gvaradar@...m5avmarch linux]$ ip route
default via 10.193.164.254 dev e0 proto dhcp metric 100
10.193.164.0/24 via 0.0.0.0 dev e0 proto kernel scope link src 10.193.164.12 metric 100
192.168.0.0/24 via 0.0.0.0 dev bm0 proto kernel scope link src 192.168.0.1 metric 101
[gvaradar@...m5avmarch linux]$ ping 192.168.0.2 -c4
PING 192.168.0.2 (192.168.0.2) 56(84) bytes of data.
64 bytes from 192.168.0.2: icmp_seq=1 ttl=64 time=0.075 ms
64 bytes from 192.168.0.2: icmp_seq=2 ttl=64 time=0.047 ms
64 bytes from 192.168.0.2: icmp_seq=3 ttl=64 time=0.046 ms
64 bytes from 192.168.0.2: icmp_seq=4 ttl=64 time=0.071 ms
...
[gvaradar@...m5avmarch linux]$ sudo ip route del 192.168.0.0/24
[gvaradar@...m5avmarch linux]$ ip route
default via 10.193.164.254 dev e0 proto dhcp metric 100
10.193.164.0/24 via 0.0.0.0 dev e0 proto kernel scope link src 10.193.164.12 metric 100
[gvaradar@...m5avmarch linux]$ sudo ip route add 192.168.0.0/24 via 0.0.0.0 dev bm0 proto kernel scope link src 192.168.0.1 metric 101
[gvaradar@...m5avmarch linux]$ ip route
default via 10.193.164.254 dev e0 proto dhcp metric 100
10.193.164.0/24 via 0.0.0.0 dev e0 proto kernel scope link src 10.193.164.12 metric 100
192.168.0.0/24 via 0.0.0.0 dev bm0 proto kernel scope link src 192.168.0.1 metric 101
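
Added example, not part of the original message or of the kernel patch: a shell helper that reads `ip route` output (one route per line, as `ip route` prints it) and, for every entry carrying an explicit `via 0.0.0.0`, prints the device-only form that the session above shows being accepted on the failing kernel. The function name `find_zero_gw_routes` is hypothetical; the sample table is constructed from the route output quoted in the message.

```shell
#!/bin/sh
# Added example: list routes that carry an explicit all-zero IPv4 gateway
# ("via 0.0.0.0"), the form rejected above with
# "Error: Nexthop has invalid gateway.", and print each one rewritten
# without the gateway (device-only).

# find_zero_gw_routes (hypothetical name): reads `ip route` output on stdin.
# Routes without "via 0.0.0.0" produce no output.
find_zero_gw_routes() {
    awk '
    {
        out = ""; hit = 0
        for (i = 1; i <= NF; i++) {
            # Drop the two tokens "via 0.0.0.0"; keep everything else in order.
            if ($i == "via" && $(i + 1) == "0.0.0.0") { hit = 1; i++; continue }
            out = (out == "" ? $i : out " " $i)
        }
        if (hit) print out
    }'
}

# Constructed sample: the route table from the working commit in the message,
# with each entry on a single line.
SAMPLE='default via 10.193.164.254 dev e0 proto dhcp metric 100
10.193.164.0/24 via 0.0.0.0 dev e0 proto kernel scope link src 10.193.164.12 metric 100
192.168.0.0/24 via 0.0.0.0 dev bm0 proto kernel scope link src 192.168.0.1 metric 101'

# Print the device-only equivalents of the affected routes.
printf '%s\n' "$SAMPLE" | find_zero_gw_routes
```

On a live system the same function can be fed directly: `ip route | find_zero_gw_routes`.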
