| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <65b59170-28c2-2e3b-f435-2bdcc6d7b10c@gmail.com>
Date: Fri, 14 Apr 2023 18:26:03 +0200
From: Lars Ekman <uablrek@...il.com>
To: Stephen Hemminger <stephen@...workplumber.org>
Cc: netdev@...r.kernel.org
Subject: Re: iproute2 bug in json output for encap
Hi again,
Digging a little deeper I see that the double "dst" items will cause
problems with most (all?) json parsers. I intend to use "go" and json
parsing will be parsed to a "map" (hash-table) so duplicate keys will
not work.
https://stackoverflow.com/questions/21832701/does-json-syntax-allow-duplicate-keys-in-an-object
IMHO it would be better to use a structured "encap" item. Something like;
[ {
"dst": "192.168.11.0/24",
"encap": {
"protocol": "ip6",
"id": 0,
"src": "::",
"dst": "fd00::c0a8:2dd",
"hoplimit": 0,
"tc": 0
},
"scope": "link",
"flags": [ ]
} ]
Best Regards,
Lars Ekman
On 2023-04-14 18:12, Lars Ekman wrote:
> Hi,
>
> Thanks for the reply. You are right, it is jq that eats one ot the
> double "dst" items.
>
> vm-002 ~ # ip -j -p route show proto 5
> [ {
> "dst": "192.168.11.0/24",
> "encap": "ip6",
> "id": 0,
> "src": "::",
> "dst": "fd00::c0a8:2dd",
> "hoplimit": 0,
> "tc": 0,
> "dev": "dummy0",
> "scope": "link",
> "flags": [ ]
> } ]
> vm-002 ~ # ip -j -p route show proto 5 | jq
> [
> {
> "dst": "fd00::c0a8:2dd",
> "encap": "ip6",
> "id": 0,
> "src": "::",
> "hoplimit": 0,
> "tc": 0,
> "dev": "dummy0",
> "scope": "link",
> "flags": []
> }
> ]
>
> Sorry for the fuss.
>
> Best Regards,
>
> Lars Ekman
>
>
> And btw I did upgrade *before* posting :-)
>
> vm-002 ~ # ip -V
> ip utility, iproute2-6.2.0, libbpf 1.1.0
> vm-002 ~ # uname -r
> 6.2.7
>
>
>
> On 2023-04-14 17:21, Stephen Hemminger wrote:
>> On Fri, 14 Apr 2023 10:29:15 +0200
>> Lars Ekman <uablrek@...il.com> wrote:
>>
>>> The destination is lost in json printout and replaced by the encap
>>> destination. The destination can even be ipv6 for an ipv4 route.
>>>
>>> Example:
>>>
>>> vm-002 ~ # ip route add 10.0.0.0/24 proto 5 dev ip6tnl6 encap ip6 dst
>>> fd00::192.168.2.221
>>> vm-002 ~ # ip route show proto 5
>>> 10.0.0.0/24 encap ip6 id 0 src :: dst fd00::c0a8:2dd hoplimit 0 tc 0
>>> dev ip6tnl6 scope link
>>> vm-002 ~ # ip -j route show proto 5 | jq
>>> [
>>> {
>>> "dst": "fd00::c0a8:2dd",
>>> "encap": "ip6",
>>> "id": 0,
>>> "src": "::",
>>> "hoplimit": 0,
>>> "tc": 0,
>>> "dev": "ip6tnl6",
>>> "scope": "link",
>>> "flags": []
>>> }
>>> ]
>>>
>> Both JSON and regular output show the same address which is coming from
>> the kernel. I.e not a JSON problem. Also, you don't need to use jq
>> ip has -p flag to pretty print.
>>
>> I can not reproduce this with current kernel and iproute2.
>> # ip route add 192.168.11.0/24 proto 5 dev dummy0 encap ip6 dst fd00::192.168.2.221
>>
>> # ip route show proto 5
>> 192.168.11.0/24 encap ip6 id 0 src :: dst fd00::c0a8:2dd hoplimit 0 tc 0 dev dummy0 scope link
>>
>> # ip -j -p route show proto 5
>> [ {
>> "dst": "192.168.11.0/24",
>> "encap": "ip6",
>> "id": 0,
>> "src": "::",
>> "dst": "fd00::c0a8:2dd",
>> "hoplimit": 0,
>> "tc": 0,
>> "dev": "dummy0",
>> "scope": "link",
>> "flags": [ ]
>> } ]
>>
>>
>> # ip -V
>> ip utility, iproute2-6.1.0, libbpf 1.1.0
>> # uname -r
>> 6.1.0-7-amd64
>>
>>
Powered by blists - more mailing lists