Open Source and information security mailing list archives
Date: Wed, 11 Mar 2020 17:28:21 +0100
From: Guillaume Nault <gnault@...hat.com>
To: Alexander Duyck <alexander.duyck@...il.com>
Cc: David Ahern <dsahern@...il.com>, Xin Long <lucien.xin@...il.com>,
    network dev <netdev@...r.kernel.org>, davem <davem@...emloft.net>,
    mmhatre@...hat.com,
    "alexander.h.duyck@...el.com" <alexander.h.duyck@...el.com>
Subject: Re: route: an issue caused by local and main table's merge

On Tue, Mar 10, 2020 at 10:19:24AM -0700, Alexander Duyck wrote:
> On Tue, Mar 10, 2020 at 9:01 AM Guillaume Nault <gnault@...hat.com> wrote:
> >
> > On Tue, Mar 10, 2020 at 04:56:32PM +0100, Guillaume Nault wrote:
> > > On Mon, Mar 09, 2020 at 08:53:53AM -0700, Alexander Duyck wrote:
> > > > Also, is it really a valid configuration to have the same address
> > > > configured as both a broadcast and unicast address? I couldn't find
> > > > anything that said it wasn't, but at the same time I haven't found
> > > > anything saying it is an acceptable practice to configure an IP
> > > > address as both a broadcast and unicast destination. Everything I saw
> > > > seemed to imply that a subnet should be at least a /30 to guarantee a
> > > > pair of IPs and support for broadcast addresses with all 1's and 0 for
> > > > the host identifier. As such 192.168.122.1 would never really be a
> > > > valid broadcast address since it implies a /31 subnet mask.
> > > >
> > > RFC 3031 explicitly allows /31 subnets for point to point links.
> > That RFC 3021, sorry :/
> >
>
> So from what I can tell the configuration as provided doesn't apply to
> RFC 3021. Specifically RFC 3021 calls out that you are not supposed to
> use the { <network-prefix>, -1 } which is what is being done here. In
> addition the prefix is technically a /24 as configured here since a
> prefix length wasn't specified so it defaults to a class C.
>
Yes, I was just replying on the use of /31 subnets. I agree that this
case is different.

> Looking over the Linux kernel code it normally doesn't add such a
> broadcast if using a /31 address:
> https://elixir.bootlin.com/linux/v5.6-rc5/source/net/ipv4/fib_frontend.c#L1122
>
Yes, and that's the right thing to do IMHO.

I think the original problem is that the command is accepted when it's
run after "ip rule add from 2.2.2.2". It should continue to be rejected
instead, as the ip-rule command has no action and is not supposed to
interfere in this case.
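
The prefix-length rule mentioned in the message above, as an added example that is not part of the original post or of the kernel source: a simplified model which assumes that the subnet broadcasts { prefix, 0 } and { prefix, -1 } are generated only for prefixes shorter than /31. The helper names are hypothetical, 192.168.122.1 is the address quoted in the thread, and the prefix lengths are constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* Build a host-order IPv4 address from a dotted quad. */
static uint32_t ip4(unsigned a, unsigned b, unsigned c, unsigned d)
{
    return ((uint32_t)a << 24) | ((uint32_t)b << 16) | ((uint32_t)c << 8) | (uint32_t)d;
}

/* Netmask for a prefix length 0..32 (a 32-bit shift is undefined, so 0 is special-cased). */
static uint32_t prefix_mask(unsigned len)
{
    return len == 0 ? 0u : 0xFFFFFFFFu << (32 - len);
}

/*
 * Store the subnet broadcast addresses of addr/len in out[] and return the count.
 * Assumed rule (simplified model): only prefixes shorter than /31 get
 * { prefix, 0 } and { prefix, -1 }; /31 and /32 get none.
 */
static int subnet_broadcasts(uint32_t addr, unsigned len, uint32_t out[2])
{
    uint32_t mask = prefix_mask(len);

    if (len >= 31)
        return 0;
    out[0] = addr & mask;
    out[1] = (addr & mask) | ~mask;
    return 2;
}

/* Return 1 if candidate is a subnet broadcast of addr/len under that rule. */
static int is_subnet_broadcast(uint32_t candidate, uint32_t addr, unsigned len)
{
    uint32_t b[2];
    int n = subnet_broadcasts(addr, len, b);

    for (int i = 0; i < n; i++)
        if (b[i] == candidate)
            return 1;
    return 0;
}

int main(void)
{
    uint32_t a = ip4(192, 168, 122, 1);   /* address quoted in the thread */
    unsigned lens[] = { 24, 30, 31, 32 }; /* constructed prefix lengths */

    for (unsigned i = 0; i < 4; i++)
        printf("192.168.122.1 broadcast of its /%u: %d\n", lens[i],
               is_subnet_broadcast(a, a, lens[i]));
    return 0;
}
```

Under this model 192.168.122.1 is a host address for /24 and /30, and for /31 it is the all-ones host identifier but no broadcast is generated for it.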