Message-ID: <7ed5f6ab-4206-1c1e-6485-f970b9b5b79d@6wind.com>
Date: Fri, 22 Sep 2023 17:51:15 +0200
From: Nicolas Dichtel <nicolas.dichtel@...nd.com>
To: Hangbin Liu <liuhangbin@...il.com>, netdev@...r.kernel.org
Cc: "David S. Miller" <davem@...emloft.net>, Jakub Kicinski
 <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>,
 Ido Schimmel <idosch@...dia.com>, David Ahern <dsahern@...nel.org>,
 Benjamin Poirier <bpoirier@...dia.com>, Thomas Haller <thaller@...hat.com>,
 Stephen Hemminger <stephen@...workplumber.org>,
 Eric Dumazet <edumazet@...gle.com>
Subject: Re: [PATCHv4 net] ipv4/fib: send notify when delete source address
 routes



On 22/09/2023 at 09:55, Hangbin Liu wrote:
> After deleting an interface address in fib_del_ifaddr(), the function
> scans the fib_info list for stray entries and calls fib_flush() and
> fib_table_flush(). Then the stray entries will be deleted silently and no
> RTM_DELROUTE notification will be sent.
> 
> This lack of notification can make routing daemons, or monitors like
> `ip monitor route`, miss the routing changes. e.g.
> 
> + ip link add dummy1 type dummy
> + ip link add dummy2 type dummy
> + ip link set dummy1 up
> + ip link set dummy2 up
> + ip addr add 192.168.5.5/24 dev dummy1
> + ip route add 7.7.7.0/24 dev dummy2 src 192.168.5.5
> + ip -4 route
> 7.7.7.0/24 dev dummy2 scope link src 192.168.5.5
> 192.168.5.0/24 dev dummy1 proto kernel scope link src 192.168.5.5
> + ip monitor route
> + ip addr del 192.168.5.5/24 dev dummy1
> Deleted 192.168.5.0/24 dev dummy1 proto kernel scope link src 192.168.5.5
> Deleted broadcast 192.168.5.255 dev dummy1 table local proto kernel scope link src 192.168.5.5
> Deleted local 192.168.5.5 dev dummy1 table local proto kernel scope host src 192.168.5.5
> 
> As Ido reminded, fib_table_flush() isn't only called when an address is
> deleted, but also when an interface is deleted or put down. The lack of
> notification in these cases is deliberate. And commit 7c6bb7d2faaf
> ("net/ipv6: Add knob to skip DELROUTE message on device down") introduced
> a sysctl to make IPv6 behave like IPv4 in this regard. So we can't send
> the route delete notify blindly in fib_table_flush().
> 
> To fix this issue, let's add a new flag in "struct fib_info" to track the
> deleted prefer source address routes, and only send notify for them.
> 
> After update:
> + ip monitor route
> + ip addr del 192.168.5.5/24 dev dummy1
> Deleted 192.168.5.0/24 dev dummy1 proto kernel scope link src 192.168.5.5
> Deleted broadcast 192.168.5.255 dev dummy1 table local proto kernel scope link src 192.168.5.5
> Deleted local 192.168.5.5 dev dummy1 table local proto kernel scope host src 192.168.5.5
> Deleted 7.7.7.0/24 dev dummy2 scope link src 192.168.5.5
> 
> Suggested-by: Thomas Haller <thaller@...hat.com>
> Signed-off-by: Hangbin Liu <liuhangbin@...il.com>
Acked-by: Nicolas Dichtel <nicolas.dichtel@...nd.com>
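
A monitor-side check for the gap described in the commit message, as an added example that is not part of the patch or of this thread: it replays the `ip -4 route` snapshot and the `ip monitor route` lines quoted above (embedded as constructed sample input) into a route cache and reports cached routes whose `src` address was removed without a matching delete event. All function and variable names are hypothetical.

```python
# Added example: sample input is constructed from the outputs quoted in the thread.
SNAPSHOT = """\
7.7.7.0/24 dev dummy2 scope link src 192.168.5.5
192.168.5.0/24 dev dummy1 proto kernel scope link src 192.168.5.5
"""
EVENTS_BEFORE_PATCH = """\
Deleted 192.168.5.0/24 dev dummy1 proto kernel scope link src 192.168.5.5
Deleted broadcast 192.168.5.255 dev dummy1 table local proto kernel scope link src 192.168.5.5
Deleted local 192.168.5.5 dev dummy1 table local proto kernel scope host src 192.168.5.5
"""
EVENTS_AFTER_PATCH = (EVENTS_BEFORE_PATCH +
                      "Deleted 7.7.7.0/24 dev dummy2 scope link src 192.168.5.5\n")

# Route type keywords that iproute2 may print in front of the prefix.
ROUTE_TYPES = {"unicast", "local", "broadcast", "multicast", "anycast",
               "blackhole", "unreachable", "prohibit", "throw", "nat"}

def key_and_src(line):
    """Return ((table, prefix, dev), src) for one `ip route` style line."""
    tok = line.split()
    if tok[0] in ROUTE_TYPES:
        tok = tok[1:]

    def attr(name, default=None):
        return tok[tok.index(name) + 1] if name in tok else default

    return (attr("table", "main"), tok[0], attr("dev")), attr("src")

def stale_after(snapshot, events):
    """Routes still cached although their preferred source address is gone."""
    cache = dict(key_and_src(l) for l in snapshot.splitlines() if l.strip())
    removed_addrs = set()
    for line in events.splitlines():
        if not line.startswith("Deleted "):
            continue
        body = line[len("Deleted "):]
        key, _ = key_and_src(body)
        cache.pop(key, None)          # apply the delete to the cached view
        if body.startswith("local "):
            # The local-table host route going away means the address itself
            # was removed; its prefix is that address.
            removed_addrs.add(key[1])
    return sorted(k for k, src in cache.items() if src in removed_addrs)

if __name__ == "__main__":
    print("before patch:", stale_after(SNAPSHOT, EVENTS_BEFORE_PATCH))
    print("after patch: ", stale_after(SNAPSHOT, EVENTS_AFTER_PATCH))
```

A non-empty result means the cached view has diverged from the kernel FIB and the consumer should resynchronise with a full route dump.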
