lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Sun, 23 Aug 2020 20:33:50 -0600
From:   David Ahern <dsahern@...il.com>
To:     guodeqing <geffrey.guo@...wei.com>, davem@...emloft.net
Cc:     kuba@...nel.org, netdev@...r.kernel.org
Subject: Re: [PATCH] ipv4: fix the problem of ping failure in some cases

On 8/23/20 8:27 PM, David Ahern wrote:
> On 8/22/20 1:46 AM, guodeqing wrote:
>> ie.,
>> $ ifconfig eth0 9.9.9.9 netmask 255.255.255.0
>>
>> $ ping -I lo 9.9.9.9

If that ever worked it was wrong; the address is scoped to eth0, not lo.

>> ping: Warning: source address might be selected on device other than lo.
>> PING 9.9.9.9 (9.9.9.9) from 9.9.9.9 lo: 56(84) bytes of data.
>>
>> 4 packets transmitted, 0 received, 100% packet loss, time 3068ms
>>
>> This is because the return value of __raw_v4_lookup in raw_v4_input
>> is null, the packets cannot be sent to the ping application.
>> The reason of the __raw_v4_lookup failure is that sk_bound_dev_if and
>> dif/sdif are not equal in raw_sk_bound_dev_eq.
>>
>> Here I add a check of whether the sk_bound_dev_if is LOOPBACK_IFINDEX
>> to solve this problem.
>>
>> Fixes: 19e4e768064a8 ("ipv4: Fix raw socket lookup for local traffic")
>> Signed-off-by: guodeqing <geffrey.guo@...wei.com>
>> ---
>>  include/net/inet_sock.h | 2 +-
>>  1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/include/net/inet_sock.h b/include/net/inet_sock.h
>> index a3702d1..7707b1d 100644
>> --- a/include/net/inet_sock.h
>> +++ b/include/net/inet_sock.h
>> @@ -144,7 +144,7 @@ static inline bool inet_bound_dev_eq(bool l3mdev_accept, int bound_dev_if,
>>  {
>>  	if (!bound_dev_if)
>>  		return !sdif || l3mdev_accept;
>> -	return bound_dev_if == dif || bound_dev_if == sdif;
>> +	return bound_dev_if == dif || bound_dev_if == sdif || bound_dev_if == LOOPBACK_IFINDEX;
>>  }
>>  
>>  struct inet_cork {
>>
> 
> this is used by more than just raw socket lookups.
> 

And assuming it should work, this is definitely the wrong fix.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ