| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <31b1b29b-432b-f628-af3e-c5fd03973148@kernel.org>
Date: Sun, 4 Dec 2022 09:27:02 -0700
From: David Ahern <dsahern@...nel.org>
To: Ido Schimmel <idosch@...dia.com>, netdev@...r.kernel.org
Cc: davem@...emloft.net, kuba@...nel.org, pabeni@...hat.com,
edumazet@...gle.com, mark.tomlinson@...iedtelesis.co.nz,
sharpd@...dia.com, mlxsw@...dia.com
Subject: Re: [PATCH net 2/2] ipv4: Fix incorrect route flushing when table ID
0 is used
On 12/4/22 12:50 AM, Ido Schimmel wrote:
> Cited commit added the table ID to the FIB info structure, but did not
> properly initialize it when table ID 0 is used. This can lead to a route
> in the default VRF with a preferred source address not being flushed
> when the address is deleted.
>
> Consider the following example:
>
> # ip address add dev dummy1 192.0.2.1/28
> # ip address add dev dummy1 192.0.2.17/28
> # ip route add 198.51.100.0/24 via 192.0.2.2 src 192.0.2.17 metric 100
> # ip route add table 0 198.51.100.0/24 via 192.0.2.2 src 192.0.2.17 metric 200
> # ip route show 198.51.100.0/24
> 198.51.100.0/24 via 192.0.2.2 dev dummy1 src 192.0.2.17 metric 100
> 198.51.100.0/24 via 192.0.2.2 dev dummy1 src 192.0.2.17 metric 200
>
> Both routes are installed in the default VRF, but they are using two
> different FIB info structures. One with a metric of 100 and table ID of
> 254 (main) and one with a metric of 200 and table ID of 0. Therefore,
> when the preferred source address is deleted from the default VRF,
> the second route is not flushed:
>
> # ip address del dev dummy1 192.0.2.17/28
> # ip route show 198.51.100.0/24
> 198.51.100.0/24 via 192.0.2.2 dev dummy1 src 192.0.2.17 metric 200
>
> Fix by storing a table ID of 254 instead of 0 in the route configuration
> structure.
>
> Add a test case that fails before the fix:
>
> # ./fib_tests.sh -t ipv4_del_addr
>
> IPv4 delete address route tests
> Regular FIB info
> TEST: Route removed from VRF when source address deleted [ OK ]
> TEST: Route in default VRF not removed [ OK ]
> TEST: Route removed in default VRF when source address deleted [ OK ]
> TEST: Route in VRF is not removed by address delete [ OK ]
> Identical FIB info with different table ID
> TEST: Route removed from VRF when source address deleted [ OK ]
> TEST: Route in default VRF not removed [ OK ]
> TEST: Route removed in default VRF when source address deleted [ OK ]
> TEST: Route in VRF is not removed by address delete [ OK ]
> Table ID 0
> TEST: Route removed in default VRF when source address deleted [FAIL]
>
> Tests passed: 8
> Tests failed: 1
>
> And passes after:
>
> # ./fib_tests.sh -t ipv4_del_addr
>
> IPv4 delete address route tests
> Regular FIB info
> TEST: Route removed from VRF when source address deleted [ OK ]
> TEST: Route in default VRF not removed [ OK ]
> TEST: Route removed in default VRF when source address deleted [ OK ]
> TEST: Route in VRF is not removed by address delete [ OK ]
> Identical FIB info with different table ID
> TEST: Route removed from VRF when source address deleted [ OK ]
> TEST: Route in default VRF not removed [ OK ]
> TEST: Route removed in default VRF when source address deleted [ OK ]
> TEST: Route in VRF is not removed by address delete [ OK ]
> Table ID 0
> TEST: Route removed in default VRF when source address deleted [ OK ]
>
> Tests passed: 9
> Tests failed: 0
>
> Fixes: 5a56a0b3a45d ("net: Don't delete routes in different VRFs")
> Reported-by: Donald Sharp <sharpd@...dia.com>
> Signed-off-by: Ido Schimmel <idosch@...dia.com>
> ---
> net/ipv4/fib_frontend.c | 3 +++
> tools/testing/selftests/net/fib_tests.sh | 10 ++++++++++
> 2 files changed, 13 insertions(+)
>
Reviewed-by: David Ahern <dsahern@...nel.org>
Powered by blists - more mailing lists