lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <61d1b53f-2879-4f9f-bd68-01333a892c02@gmail.com>
Date: Wed, 24 Jan 2024 14:55:18 -0700
From: David Ahern <dsahern@...il.com>
To: Jakub Kicinski <kuba@...nel.org>, Heng Guo <heng.guo@...driver.com>
Cc: Vitezslav Samel <vitezslav@...el.cz>, netdev@...r.kernel.org
Subject: Re: [6.6.x REGRESSION][BISECTED] dev_snmp6: broken Ip6OutOctets
 accounting for forwarded IPv6 packets

On 1/24/24 1:30 PM, Jakub Kicinski wrote:
> Thanks for the analysis, Vitezslav!
> 
> Heng Guo, David, any thoughts on this? Revert?

Revert is best; Heng Guo can revisit the math and try again.

The patch in question basically negated IPSTATS_MIB_OUTOCTETS; I see it
shown in proc but never bumped in the datapath.

> 
> On Sat, 20 Jan 2024 10:23:18 +0100 Vitezslav Samel wrote:
>> 	Hi!
>>
>> In short:
>>
>>   since commit e4da8c78973c ("net: ipv4, ipv6: fix IPSTATS_MIB_OUTOCTETS increment duplicated")
>> the "Ip6OutOctets" entry of /proc/net/dev_snmp6/<interface> isn't
>> incremented by packet size for outbound forwarded unicast IPv6 packets.
>>
>>
>> In more detail:
>>
>>   After move from kernel 6.1.y to 6.6.y I was surprised by very low IPv6 to
>> IPv4 outgoing traffic ratio counted from /proc/net/... counters on our linux
>> router. In this simple scenario:
>>
>> 	NET1  <-->  ROUTER  <-->  NET2
>>
>>   the entry Ip6OutOctets of ROUTER's /proc/net/dev_snmp6/<interface> was
>> surprisingly low although the IPv6 traffic between NET1 and NET2 is rather
>> huge comparing to IPv4 traffic. The bisection led me to commit e4da8c78973c.
>> After reverting it, the numbers went to expected values.
>>
>>   Numbers for local outbound IPv6 seems correct, as well as numbers for IPv4.
>>
>>   Since the commit patches both IPv4 and IPv6 reverting it doesn't seem like
>> the right thing to do. Can you, please, look at it and cook some fix?
>>
>> 	Thanks,
>>
>> 		Vita
>>
>> #### git bisect log
>>
>> git bisect start '--' 'include' 'net'
>> # status: waiting for both good and bad commits
>> # good: [fb2635ac69abac0060cc2be2873dc4f524f12e66] Linux 6.1.62
>> git bisect good fb2635ac69abac0060cc2be2873dc4f524f12e66
>> # status: waiting for bad commit, 1 good commit known
>> # bad: [5e9df83a705290c4d974693097df1da9cbe25854] Linux 6.6.9
>> git bisect bad 5e9df83a705290c4d974693097df1da9cbe25854
>> # good: [830b3c68c1fb1e9176028d02ef86f3cf76aa2476] Linux 6.1
>> git bisect good 830b3c68c1fb1e9176028d02ef86f3cf76aa2476
>> # good: [6e98b09da931a00bf4e0477d0fa52748bf28fcce] Merge tag 'net-next-6.4' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next
>> git bisect good 6e98b09da931a00bf4e0477d0fa52748bf28fcce
>> # good: [9b39f758974ff8dfa721e68c6cecfd37e6ddb206] Merge tag 'nf-23-07-20' of https://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf
>> git bisect good 9b39f758974ff8dfa721e68c6cecfd37e6ddb206
>> # good: [38663034491d00652ac599fa48866bcf2ebd7bc1] Merge tag 'fsnotify_for_v6.6-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs
>> git bisect good 38663034491d00652ac599fa48866bcf2ebd7bc1
>> # good: [7ba2090ca64ea1aa435744884124387db1fac70f] Merge tag 'ceph-for-6.6-rc1' of https://github.com/ceph/ceph-client
>> git bisect good 7ba2090ca64ea1aa435744884124387db1fac70f
>> # bad: [ea1cc20cd4ce55dd920a87a317c43da03ccea192] Merge tag 'v6.6-rc7.vfs.fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs
>> git bisect bad ea1cc20cd4ce55dd920a87a317c43da03ccea192
>> # bad: [b938790e70540bf4f2e653dcd74b232494d06c8f] Bluetooth: hci_codec: Fix leaking content of local_codecs
>> git bisect bad b938790e70540bf4f2e653dcd74b232494d06c8f
>> # bad: [6912e724832c47bb381eb1bd1e483ec8df0d0f0f] net/smc: bugfix for smcr v2 server connect success statistic
>> git bisect bad 6912e724832c47bb381eb1bd1e483ec8df0d0f0f
>> # bad: [c3b704d4a4a265660e665df51b129e8425216ed1] igmp: limit igmpv3_newpack() packet size to IP_MAX_MTU
>> git bisect bad c3b704d4a4a265660e665df51b129e8425216ed1
>> # bad: [82ba0ff7bf0483d962e592017bef659ae022d754] net/handshake: fix null-ptr-deref in handshake_nl_done_doit()
>> git bisect bad 82ba0ff7bf0483d962e592017bef659ae022d754
>> # bad: [dc9511dd6f37fe803f6b15b61b030728d7057417] sctp: annotate data-races around sk->sk_wmem_queued
>> git bisect bad dc9511dd6f37fe803f6b15b61b030728d7057417
>> # good: [7e9be1124dbe7888907e82cab20164578e3f9ab7] netfilter: nf_tables: Audit log setelem reset
>> git bisect good 7e9be1124dbe7888907e82cab20164578e3f9ab7
>> # bad: [4e60de1e4769066aa9956c83545c8fa21847f326] Merge tag 'nf-23-08-31' of git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf
>> git bisect bad 4e60de1e4769066aa9956c83545c8fa21847f326
>> # bad: [e4da8c78973c1e307c0431e0b99a969ffb8aa3f1] net: ipv4, ipv6: fix IPSTATS_MIB_OUTOCTETS increment duplicated
>> git bisect bad e4da8c78973c1e307c0431e0b99a969ffb8aa3f1
>> # first bad commit: [e4da8c78973c1e307c0431e0b99a969ffb8aa3f1] net: ipv4, ipv6: fix IPSTATS_MIB_OUTOCTETS increment duplicated
>>
>>
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ