Message-ID: <0ff4819f-56af-407c-b5ab-79ecc77e4d6d@kernel.org>
Date: Thu, 1 May 2025 10:41:03 -0600
From: David Ahern <dsahern@...nel.org>
To: Ido Schimmel <idosch@...dia.com>, netdev@...r.kernel.org
Cc: davem@...emloft.net, kuba@...nel.org, pabeni@...hat.com,
 edumazet@...gle.com, horms@...nel.org, willemb@...gle.com
Subject: Re: [PATCH net-next] ipv4: Honor "ignore_routes_with_linkdown" sysctl
 in nexthop selection

On 4/30/25 4:02 AM, Ido Schimmel wrote:
> Commit 32607a332cfe ("ipv4: prefer multipath nexthop that matches source
> address") changed IPv4 nexthop selection to prefer a nexthop whose
> nexthop device is assigned the specified source address for locally
> generated traffic.
> 
> While the selection honors the "fib_multipath_use_neigh" sysctl and will
> not choose a nexthop with an invalid neighbour, it does not honor the
> "ignore_routes_with_linkdown" sysctl and can choose a nexthop without a
> carrier:
> 
>  $ sysctl net.ipv4.conf.all.ignore_routes_with_linkdown
>  net.ipv4.conf.all.ignore_routes_with_linkdown = 1
>  $ ip route show 198.51.100.0/24
>  198.51.100.0/24
>          nexthop via 192.0.2.2 dev dummy1 weight 1
>          nexthop via 192.0.2.18 dev dummy2 weight 1 dead linkdown
>  $ ip route get 198.51.100.1 from 192.0.2.17
>  198.51.100.1 from 192.0.2.17 via 192.0.2.18 dev dummy2 uid 0
> 
> Solve this by skipping over nexthops whose assigned hash upper bound is
> minus one, which is the value assigned to nexthops that do not have a
> carrier when the "ignore_routes_with_linkdown" sysctl is set.
> 
> In practice, this probably does not matter a lot as the initial route
> lookup for the source address would not choose a nexthop that does not
> have a carrier in the first place, but the change does make the code
> clearer.
> 
> Signed-off-by: Ido Schimmel <idosch@...dia.com>
> ---
>  net/ipv4/fib_semantics.c | 11 +++++++++--
>  1 file changed, 9 insertions(+), 2 deletions(-)
> 

Reviewed-by: David Ahern <dsahern@...nel.org>
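
Added example, not part of the original message or of the kernel patch: a simplified user-space C model of the selection behaviour the quoted commit message describes, showing that the source-address preference can return a nexthop whose hash upper bound is minus one unless such nexthops are skipped first. The struct, the function name `select_nh`, the address assumed for dummy1 and the hash value are assumptions made for illustration.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define IP(a, b, c, d) (((uint32_t)(a) << 24) | ((b) << 16) | ((c) << 8) | (d))

/* Simplified model of a multipath nexthop (hypothetical, not struct fib_nh). */
struct nh {
    const char *dev;
    uint32_t dev_addr;   /* address assigned to the nexthop device */
    int upper_bound;     /* hash upper bound; -1 = no carrier with sysctl set */
    bool neigh_valid;    /* consulted only when use_neigh is true */
};

/* Constructed sample mirroring the route in the message; dummy1's address is assumed. */
static const struct nh route[] = {
    { "dummy1", IP(192, 0, 2, 1),  INT_MAX, true },
    { "dummy2", IP(192, 0, 2, 17), -1,      true },  /* dead linkdown */
};

/* Returns the index of the chosen nexthop, or -1 if none is usable.
 * skip_linkdown=false models the reported behaviour, true models the fix. */
int select_nh(const struct nh *nhs, int n, int hash, uint32_t saddr,
              bool use_neigh, bool skip_linkdown)
{
    int fallback = -1;

    for (int i = 0; i < n; i++) {
        if (skip_linkdown && nhs[i].upper_bound == -1)
            continue;                       /* no carrier: never a candidate */
        if (use_neigh && !nhs[i].neigh_valid)
            continue;
        if (saddr && nhs[i].dev_addr == saddr)
            return i;                       /* source-address preference */
        if (fallback < 0 && hash <= nhs[i].upper_bound)
            fallback = i;                   /* plain hash-threshold choice */
    }
    return fallback;
}

int main(void)
{
    uint32_t src = IP(192, 0, 2, 17);
    printf("before: %s\n", route[select_nh(route, 2, 4096, src, false, false)].dev);
    printf("after:  %s\n", route[select_nh(route, 2, 4096, src, false, true)].dev);
    return 0;
}
```

Without a source address the hash comparison alone already excludes the linkdown nexthop, since no non-negative hash is less than or equal to minus one; only the source-address preference needs the explicit skip.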

