Date: Mon, 2 Oct 2023 14:07:30 -0600
From: David Ahern <dsahern@...nel.org>
To: Hangbin Liu <liuhangbin@...il.com>, netdev@...r.kernel.org
Cc: "David S. Miller" <davem@...emloft.net>, Jakub Kicinski
 <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>,
 Ido Schimmel <idosch@...dia.com>, Benjamin Poirier <bpoirier@...dia.com>,
 Thomas Haller <thaller@...hat.com>,
 Stephen Hemminger <stephen@...workplumber.org>,
 Eric Dumazet <edumazet@...gle.com>,
 Nicolas Dichtel <nicolas.dichtel@...nd.com>
Subject: Re: [PATCHv4 net] ipv4/fib: send notify when delete source address
 routes

On 9/22/23 1:55 AM, Hangbin Liu wrote:
> After deleting an interface address in fib_del_ifaddr(), the function
> scans the fib_info list for stray entries and calls fib_flush() and
> fib_table_flush(). Then the stray entries will be deleted silently and no
> RTM_DELROUTE notification will be sent.
> 
> This lack of notification can make routing daemons, or monitors like
> `ip monitor route`, miss the routing changes. e.g.
> 
> + ip link add dummy1 type dummy
> + ip link add dummy2 type dummy
> + ip link set dummy1 up
> + ip link set dummy2 up
> + ip addr add 192.168.5.5/24 dev dummy1
> + ip route add 7.7.7.0/24 dev dummy2 src 192.168.5.5
> + ip -4 route
> 7.7.7.0/24 dev dummy2 scope link src 192.168.5.5
> 192.168.5.0/24 dev dummy1 proto kernel scope link src 192.168.5.5
> + ip monitor route
> + ip addr del 192.168.5.5/24 dev dummy1
> Deleted 192.168.5.0/24 dev dummy1 proto kernel scope link src 192.168.5.5
> Deleted broadcast 192.168.5.255 dev dummy1 table local proto kernel scope link src 192.168.5.5
> Deleted local 192.168.5.5 dev dummy1 table local proto kernel scope host src 192.168.5.5
> 
> As Ido reminded, fib_table_flush() isn't only called when an address is
> deleted, but also when an interface is deleted or put down. The lack of
> notification in these cases is deliberate. And commit 7c6bb7d2faaf
> ("net/ipv6: Add knob to skip DELROUTE message on device down") introduced
> a sysctl to make IPv6 behave like IPv4 in this regard. So we can't send
> the route delete notify blindly in fib_table_flush().
> 
> To fix this issue, let's add a new flag in "struct fib_info" to track the
> deleted prefer source address routes, and only send notify for them.
> 
> After update:
> + ip monitor route
> + ip addr del 192.168.5.5/24 dev dummy1
> Deleted 192.168.5.0/24 dev dummy1 proto kernel scope link src 192.168.5.5
> Deleted broadcast 192.168.5.255 dev dummy1 table local proto kernel scope link src 192.168.5.5
> Deleted local 192.168.5.5 dev dummy1 table local proto kernel scope host src 192.168.5.5
> Deleted 7.7.7.0/24 dev dummy2 scope link src 192.168.5.5
> 
> Suggested-by: Thomas Haller <thaller@...hat.com>
> Signed-off-by: Hangbin Liu <liuhangbin@...il.com>
> ---
> v4: As David Ahern said, do not use bitfield as it has higher overhead.
> v3: update patch description
> v2: Add a bit in fib_info to mark the deleted src route.
> ---
>  include/net/ip_fib.h     | 1 +
>  net/ipv4/fib_semantics.c | 1 +
>  net/ipv4/fib_trie.c      | 4 ++++
>  3 files changed, 6 insertions(+)
> 

Reviewed-by: David Ahern <dsahern@...nel.org>
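
What a route monitor sees for the case discussed in this thread, as an added example that is not part of the original message or the patch: it parses a buffer of rtnetlink messages and lists the prefixes whose RTM_DELROUTE names a given preferred source address. The function names are hypothetical, the constants are from linux/rtnetlink.h, and the sample messages (including the interface indexes) are constructed rather than captured from a kernel.

```python
import socket
import struct

# Values from linux/rtnetlink.h
RTM_DELROUTE = 25
RTA_DST, RTA_OIF, RTA_PREFSRC = 1, 4, 7
NLMSG_HDR, RTMSG = 16, 12  # sizeof(struct nlmsghdr), sizeof(struct rtmsg)

def align4(n):
    return (n + 3) & ~3

def parse_routes(buf):
    """Yield a dict for every route message in a netlink receive buffer."""
    off = 0
    while off + NLMSG_HDR + RTMSG <= len(buf):
        nl_len, nl_type = struct.unpack_from("=IH", buf, off)
        if nl_len < NLMSG_HDR + RTMSG or off + nl_len > len(buf):
            break  # truncated or malformed message: stop instead of over-reading
        dst_len = buf[off + NLMSG_HDR + 1]  # rtmsg.rtm_dst_len
        route = {"type": nl_type, "dst_len": dst_len}
        pos, end = off + NLMSG_HDR + RTMSG, off + nl_len
        while pos + 4 <= end:
            rta_len, rta_type = struct.unpack_from("=HH", buf, pos)
            if rta_len < 4 or pos + rta_len > end:
                break  # attribute claims more bytes than the message holds
            data = buf[pos + 4:pos + rta_len]
            if rta_type in (RTA_DST, RTA_PREFSRC) and len(data) == 4:
                route["dst" if rta_type == RTA_DST else "prefsrc"] = socket.inet_ntoa(data)
            elif rta_type == RTA_OIF and len(data) == 4:
                route["oif"] = struct.unpack("=I", data)[0]
            pos += align4(rta_len)
        yield route
        off += align4(nl_len)

def deleted_with_prefsrc(buf, addr):
    """Prefixes whose RTM_DELROUTE names addr as the preferred source."""
    return [f'{r["dst"]}/{r["dst_len"]}' for r in parse_routes(buf)
            if r["type"] == RTM_DELROUTE and r.get("prefsrc") == addr and "dst" in r]

def build_delroute(dst, dst_len, prefsrc, oif):
    """Constructed sample message (not captured from a kernel)."""
    attrs = b"".join(struct.pack("=HH", 4 + len(d), t) + d for t, d in (
        (RTA_DST, socket.inet_aton(dst)),
        (RTA_OIF, struct.pack("=I", oif)),
        (RTA_PREFSRC, socket.inet_aton(prefsrc))))
    # family, dst_len, src_len, tos, table=main, proto=boot, scope=link, type=unicast, flags
    rtm = struct.pack("=BBBBBBBBI", socket.AF_INET, dst_len, 0, 0, 254, 3, 253, 1, 0)
    return struct.pack("=IHHII", NLMSG_HDR + RTMSG + len(attrs), RTM_DELROUTE, 0, 0, 0) + rtm + attrs
```

A monitor that tracks routes by preferred source can only drop 7.7.7.0/24 from its state if a message for it actually arrives; with only the 192.168.5.0/24 message in the buffer, the function returns just that prefix.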


