| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <681218214b684_2edfe5294e6@willemb.c.googlers.com.notmuch>
Date: Wed, 30 Apr 2025 08:31:29 -0400
From: Willem de Bruijn <willemdebruijn.kernel@...il.com>
To: Ido Schimmel <idosch@...dia.com>,
netdev@...r.kernel.org
Cc: davem@...emloft.net,
kuba@...nel.org,
pabeni@...hat.com,
edumazet@...gle.com,
dsahern@...nel.org,
horms@...nel.org,
willemb@...gle.com,
Ido Schimmel <idosch@...dia.com>
Subject: Re: [PATCH net-next] ipv4: Honor "ignore_routes_with_linkdown" sysctl
in nexthop selection
Ido Schimmel wrote:
> Commit 32607a332cfe ("ipv4: prefer multipath nexthop that matches source
> address") changed IPv4 nexthop selection to prefer a nexthop whose
> nexthop device is assigned the specified source address for locally
> generated traffic.
>
> While the selection honors the "fib_multipath_use_neigh" sysctl and will
> not choose a nexthop with an invalid neighbour, it does not honor the
> "ignore_routes_with_linkdown" sysctl and can choose a nexthop without a
> carrier:
>
> $ sysctl net.ipv4.conf.all.ignore_routes_with_linkdown
> net.ipv4.conf.all.ignore_routes_with_linkdown = 1
> $ ip route show 198.51.100.0/24
> 198.51.100.0/24
> nexthop via 192.0.2.2 dev dummy1 weight 1
> nexthop via 192.0.2.18 dev dummy2 weight 1 dead linkdown
> $ ip route get 198.51.100.1 from 192.0.2.17
> 198.51.100.1 from 192.0.2.17 via 192.0.2.18 dev dummy2 uid 0
>
> Solve this by skipping over nexthops whose assigned hash upper bound is
> minus one, which is the value assigned to nexthops that do not have a
> carrier when the "ignore_routes_with_linkdown" sysctl is set.
>
> In practice, this probably does not matter a lot as the initial route
> lookup for the source address would not choose a nexthop that does not
> have a carrier in the first place, but the change does make the code
> clearer.
>
> Signed-off-by: Ido Schimmel <idosch@...dia.com>
Reviewed-by: Willem de Bruijn <willemb@...gle.com>
> ---
> net/ipv4/fib_semantics.c | 11 +++++++++--
> 1 file changed, 9 insertions(+), 2 deletions(-)
>
> diff --git a/net/ipv4/fib_semantics.c b/net/ipv4/fib_semantics.c
> index 03959c60d128..dabe2b7044ab 100644
> --- a/net/ipv4/fib_semantics.c
> +++ b/net/ipv4/fib_semantics.c
> @@ -2188,7 +2188,14 @@ void fib_select_multipath(struct fib_result *res, int hash,
> saddr = fl4 ? fl4->saddr : 0;
>
> change_nexthops(fi) {
> - if (use_neigh && !fib_good_nh(nexthop_nh))
> + int nh_upper_bound;
> +
> + /* Nexthops without a carrier are assigned an upper bound of
> + * minus one when "ignore_routes_with_linkdown" is set.
> + */
> + nh_upper_bound = atomic_read(&nexthop_nh->fib_nh_upper_bound);
> + if (nh_upper_bound == -1 ||
Instead of a comment, perhaps a helper function
static bool fib_link_is_down(int nh_upper_bound)
{
return nh_upper_bound == -1;
}
or define a negative constant const int NH_HASH_LINKDOWN (-2) and
assign that in fib_rebalance and test that here?
But perhaps that's more complexity than it's worth. No strong opinion.
> + (use_neigh && !fib_good_nh(nexthop_nh)))
> continue;
>
> if (!found) {
> @@ -2197,7 +2204,7 @@ void fib_select_multipath(struct fib_result *res, int hash,
> found = !saddr || nexthop_nh->nh_saddr == saddr;
> }
>
> - if (hash > atomic_read(&nexthop_nh->fib_nh_upper_bound))
> + if (hash > nh_upper_bound)
> continue;
>
> if (!saddr || nexthop_nh->nh_saddr == saddr) {
> --
> 2.49.0
>
Powered by blists - more mailing lists