lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <681218214b684_2edfe5294e6@willemb.c.googlers.com.notmuch>
Date: Wed, 30 Apr 2025 08:31:29 -0400
From: Willem de Bruijn <willemdebruijn.kernel@...il.com>
To: Ido Schimmel <idosch@...dia.com>, 
 netdev@...r.kernel.org
Cc: davem@...emloft.net, 
 kuba@...nel.org, 
 pabeni@...hat.com, 
 edumazet@...gle.com, 
 dsahern@...nel.org, 
 horms@...nel.org, 
 willemb@...gle.com, 
 Ido Schimmel <idosch@...dia.com>
Subject: Re: [PATCH net-next] ipv4: Honor "ignore_routes_with_linkdown" sysctl
 in nexthop selection

Ido Schimmel wrote:
> Commit 32607a332cfe ("ipv4: prefer multipath nexthop that matches source
> address") changed IPv4 nexthop selection to prefer a nexthop whose
> nexthop device is assigned the specified source address for locally
> generated traffic.
> 
> While the selection honors the "fib_multipath_use_neigh" sysctl and will
> not choose a nexthop with an invalid neighbour, it does not honor the
> "ignore_routes_with_linkdown" sysctl and can choose a nexthop without a
> carrier:
> 
>  $ sysctl net.ipv4.conf.all.ignore_routes_with_linkdown
>  net.ipv4.conf.all.ignore_routes_with_linkdown = 1
>  $ ip route show 198.51.100.0/24
>  198.51.100.0/24
>          nexthop via 192.0.2.2 dev dummy1 weight 1
>          nexthop via 192.0.2.18 dev dummy2 weight 1 dead linkdown
>  $ ip route get 198.51.100.1 from 192.0.2.17
>  198.51.100.1 from 192.0.2.17 via 192.0.2.18 dev dummy2 uid 0
> 
> Solve this by skipping over nexthops whose assigned hash upper bound is
> minus one, which is the value assigned to nexthops that do not have a
> carrier when the "ignore_routes_with_linkdown" sysctl is set.
> 
> In practice, this probably does not matter a lot as the initial route
> lookup for the source address would not choose a nexthop that does not
> have a carrier in the first place, but the change does make the code
> clearer.
> 
> Signed-off-by: Ido Schimmel <idosch@...dia.com>

Reviewed-by: Willem de Bruijn <willemb@...gle.com>

> ---
>  net/ipv4/fib_semantics.c | 11 +++++++++--
>  1 file changed, 9 insertions(+), 2 deletions(-)
> 
> diff --git a/net/ipv4/fib_semantics.c b/net/ipv4/fib_semantics.c
> index 03959c60d128..dabe2b7044ab 100644
> --- a/net/ipv4/fib_semantics.c
> +++ b/net/ipv4/fib_semantics.c
> @@ -2188,7 +2188,14 @@ void fib_select_multipath(struct fib_result *res, int hash,
>  	saddr = fl4 ? fl4->saddr : 0;
>  
>  	change_nexthops(fi) {
> -		if (use_neigh && !fib_good_nh(nexthop_nh))
> +		int nh_upper_bound;
> +
> +		/* Nexthops without a carrier are assigned an upper bound of
> +		 * minus one when "ignore_routes_with_linkdown" is set.
> +		 */
> +		nh_upper_bound = atomic_read(&nexthop_nh->fib_nh_upper_bound);
> +		if (nh_upper_bound == -1 ||

Instead of a comment, perhaps a helper function

	static bool fib_link_is_down(int nh_upper_bound)
	{
		return nh_upper_bound == -1;
	}

or define a negative constant const int NH_HASH_LINKDOWN (-2) and
assign that in fib_rebalance and test that here?

But perhaps that's more complexity than it's worth. No strong opinion.

> +		    (use_neigh && !fib_good_nh(nexthop_nh)))
>  			continue;
>  
>  		if (!found) {
> @@ -2197,7 +2204,7 @@ void fib_select_multipath(struct fib_result *res, int hash,
>  			found = !saddr || nexthop_nh->nh_saddr == saddr;
>  		}
>  
> -		if (hash > atomic_read(&nexthop_nh->fib_nh_upper_bound))
> +		if (hash > nh_upper_bound)
>  			continue;
>  
>  		if (!saddr || nexthop_nh->nh_saddr == saddr) {
> -- 
> 2.49.0
> 



Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ