lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <ace2daed-7d88-7364-5395-80b63f59ffc1@gmail.com>
Date:   Sat, 28 Nov 2020 10:03:42 -0700
From:   David Ahern <dsahern@...il.com>
To:     Guillaume Nault <gnault@...hat.com>,
        David Miller <davem@...emloft.net>,
        Jakub Kicinski <kuba@...nel.org>
Cc:     netdev@...r.kernel.org, Russell Strong <russell@...ong.id.au>
Subject: Re: [PATCH net] ipv4: Fix tos mask in inet_rtm_getroute()

On 11/26/20 11:09 AM, Guillaume Nault wrote:
> When inet_rtm_getroute() was converted to use the RCU variants of
> ip_route_input() and ip_route_output_key(), the TOS parameters
> stopped being masked with IPTOS_RT_MASK before doing the route lookup.
> 
> As a result, "ip route get" can return a different route than what
> would be used when sending real packets.
> 
> For example:
> 
>     $ ip route add 192.0.2.11/32 dev eth0
>     $ ip route add unreachable 192.0.2.11/32 tos 2
>     $ ip route get 192.0.2.11 tos 2
>     RTNETLINK answers: No route to host
> 
> But, packets with TOS 2 (ECT(0) if interpreted as an ECN bit) would
> actually be routed using the first route:
> 
>     $ ping -c 1 -Q 2 192.0.2.11
>     PING 192.0.2.11 (192.0.2.11) 56(84) bytes of data.
>     64 bytes from 192.0.2.11: icmp_seq=1 ttl=64 time=0.173 ms
> 
>     --- 192.0.2.11 ping statistics ---
>     1 packets transmitted, 1 received, 0% packet loss, time 0ms
>     rtt min/avg/max/mdev = 0.173/0.173/0.173/0.000 ms
> 
> This patch re-applies IPTOS_RT_MASK in inet_rtm_getroute(), to
> return results consistent with real route lookups.
> 
> Fixes: 3765d35ed8b9 ("net: ipv4: Convert inet_rtm_getroute to rcu versions of route lookup")
> Signed-off-by: Guillaume Nault <gnault@...hat.com>
> ---
>  net/ipv4/route.c | 7 ++++---
>  1 file changed, 4 insertions(+), 3 deletions(-)
> 

Reviewed-by: David Ahern <dsahern@...nel.org>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ