Date:   Wed, 22 Jan 2020 21:14:04 +0100
From:   Kristian Evensen <kristian.evensen@...il.com>
To:     Network Development <netdev@...r.kernel.org>
Subject: Overlapping networks can only be added in a certain order

Hello,

I have a machine that is connected to two separate networks (on two
separate interfaces), but the network addresses overlap. The first
network (let's call it N1) gives me an address in 10.5.101.248/29,
while the other (N2) in 10.5.101.248/30. Whether routing is successfully
configured depends on the order in which the networks are
configured.

If N1 is configured first, then routing is successfully configured for
both networks. If N2 is configured first, then the configuration of N1
fails. The routes for each network are placed in separate tables, and
I know that the configuration of one network is done before the other
is configured.

The machine where I initially observed this behavior runs kernel 4.14,
but I was able to replicate on a machine running 5.0 using the
commands below. Things start going wrong when I configure N2 before
N1, and set the address for N1. The address is set on the device, but
there is no route added to the main routing table. Instrumenting the
kernel shows that the error happens in fib_valid_prefsrc().

I also checked that routing works correctly when N1 is configured
first, and it does. I used ping and bound the process to the interface
I wanted to check; capturing packets showed that the correct interface
was used.

Thanks in advance for any help.

BR,
Kristian

Commands for replicating issue:

#Set up networking. test1 matches N1, test2 N2
ip link add test1 type dummy
ip link add test2 type dummy
ip link set dev test1 up
ip link set dev test2 up

#Configure N1 before N2, works fine
ip addr add 10.5.101.251/29 dev test1
ip ro del 10.5.101.248/29 dev test1 src 10.5.101.251
ip ro add 10.5.101.248/29 dev test1 src 10.5.101.251 table 1
ip ro add default via 10.5.101.252 dev test1 src 10.5.101.251 table 1

ip addr add 10.5.101.250/30 dev test2
ip ro del 10.5.101.248/30 dev test2 src 10.5.101.250
ip ro add 10.5.101.248/30 dev test2 src 10.5.101.250 table 4

#Clean up
ip addr flush dev test1
ip addr flush dev test2

#Configure N2 before N1, fails
ip addr add 10.5.101.250/30 dev test2
ip ro del 10.5.101.248/30 dev test2 src 10.5.101.250
ip ro add 10.5.101.248/30 dev test2 src 10.5.101.250 table 4
ip ro add default via 10.5.101.249 dev test2 src 10.5.101.250 table 4

ip addr add 10.5.101.251/29 dev test1
ip ro del 10.5.101.248/29 dev test1 src 10.5.101.251
ip ro add 10.5.101.248/29 dev test1 src 10.5.101.251 table 1
ip ro add default via 10.5.101.252 dev test1 src 10.5.101.251 table 1
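
Added example, not part of the original message: a Python check of how each address from the commands above sits inside the other interface's subnet. It shows that test1's address 10.5.101.251 is the broadcast address of test2's 10.5.101.248/30; that this is what fib_valid_prefsrc() rejects when N2 is configured first is an assumption, not something the message states. The names CONFIG, role_in and cross_check are made up for this example.

```python
import ipaddress

# Addresses taken from the commands in the message above.
CONFIG = {
    "test1": "10.5.101.251/29",  # N1
    "test2": "10.5.101.250/30",  # N2
}


def role_in(addr, net):
    """Role addr would have inside net: outside, network, broadcast or host."""
    if addr not in net:
        return "outside"
    if net.prefixlen >= 31:  # /31 and /32 have no network/broadcast address
        return "host"
    if addr == net.network_address:
        return "network"
    if addr == net.broadcast_address:
        return "broadcast"
    return "host"


def cross_check(config):
    """For each pair of interfaces with overlapping subnets, report how one
    interface's address sits inside the other interface's subnet."""
    ifaces = {name: ipaddress.ip_interface(cidr) for name, cidr in config.items()}
    findings = []
    for a, ia in ifaces.items():
        for b, ib in ifaces.items():
            if a == b or not ia.network.overlaps(ib.network):
                continue
            findings.append(
                (a, str(ia.ip), b, str(ib.network), role_in(ia.ip, ib.network))
            )
    return findings


if __name__ == "__main__":
    for dev, ip, other, net, role in cross_check(CONFIG):
        print(f"{dev} address {ip} is '{role}' in {other} subnet {net}")
```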
