lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-Id: <20210731011729.4357-1-vfedorenko@novek.ru>
Date:   Sat, 31 Jul 2021 04:17:29 +0300
From:   Vadim Fedorenko <vfedorenko@...ek.ru>
To:     David Ahern <dsahern@...nel.org>
Cc:     Willem de Bruijn <willemb@...gle.com>,
        Paolo Abeni <pabeni@...hat.com>,
        Jakub Kicinski <kuba@...nel.org>,
        "David S. Miller" <davem@...emloft.net>, netdev@...r.kernel.org,
        Vadim Fedorenko <vfedorenko@...ek.ru>
Subject: [PATCH net] net: ipv4: fix path MTU for multi path routes

Bug 213729 showed that MTU check could be used against route that
will not be used in actual transmit if source ip is not specified.
But path MTU update is always done on route with defined source ip.
Fix route selection by updating flow info in case when source ip
is not explicitly defined in raw and udp sockets.

Signed-off-by: Vadim Fedorenko <vfedorenko@...ek.ru>
---
 net/ipv4/raw.c | 11 +++++++++++
 net/ipv4/udp.c | 13 +++++++++++++
 2 files changed, 24 insertions(+)

diff --git a/net/ipv4/raw.c b/net/ipv4/raw.c
index bb446e60cf58..e4008416dfc1 100644
--- a/net/ipv4/raw.c
+++ b/net/ipv4/raw.c
@@ -640,6 +640,17 @@ static int raw_sendmsg(struct sock *sk, struct msghdr *msg, size_t len)
 			goto done;
 	}
 
+	if (!saddr) {
+		rt = __ip_route_output_key(net, &fl4);
+		if (IS_ERR(rt)) {
+			err = PTR_ERR(rt);
+			rt = NULL;
+			goto done;
+		}
+		ip_rt_put(rt);
+		flowi4_update_output(&fl4, ipc.oif, tos, fl4.daddr, fl4.saddr);
+	}
+
 	security_sk_classify_flow(sk, flowi4_to_flowi_common(&fl4));
 	rt = ip_route_output_flow(net, &fl4, sk);
 	if (IS_ERR(rt)) {
diff --git a/net/ipv4/udp.c b/net/ipv4/udp.c
index 1a742b710e54..c6db5c3aa294 100644
--- a/net/ipv4/udp.c
+++ b/net/ipv4/udp.c
@@ -1215,6 +1215,19 @@ int udp_sendmsg(struct sock *sk, struct msghdr *msg, size_t len)
 				   faddr, saddr, dport, inet->inet_sport,
 				   sk->sk_uid);
 
+		if (!saddr) {
+			rt = __ip_route_output_key(net, fl4);
+			if (IS_ERR(rt)) {
+				err = PTR_ERR(rt);
+				rt = NULL;
+				if (err == -ENETUNREACH)
+					IP_INC_STATS(net, IPSTATS_MIB_OUTNOROUTES);
+				goto out;
+			}
+			ip_rt_put(rt);
+			flowi4_update_output(fl4, ipc.oif, tos, fl4->daddr, fl4->saddr);
+		}
+
 		security_sk_classify_flow(sk, flowi4_to_flowi_common(fl4));
 		rt = ip_route_output_flow(net, fl4, sk);
 		if (IS_ERR(rt)) {
-- 
2.18.4

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ