lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20250822165231.4353-4-bacs@librecast.net>
Date: Fri, 22 Aug 2025 16:50:51 +0000
From: Brett A C Sheffield <bacs@...recast.net>
To: regressions@...ts.linux.dev
Cc: Brett A C Sheffield <bacs@...recast.net>,
	netdev@...r.kernel.org,
	stable@...r.kernel.org,
	davem@...emloft.net,
	dsahern@...nel.org,
	oscmaes92@...il.com,
	kuba@...nel.org
Subject: [REGRESSION][BISECTED][PATCH] net: ipv4: fix regression in broadcast routes

Fix the regression introduced in 9e30ecf23b1b whereby IPv4 broadcast
packets were having their ethernet destination field mangled.  This
broke WOL magic packets and likely other IPv4 broadcast.

The regression can be observed by sending an IPv4 WOL packet using
the wakeonlan program to any ethernet address:

 wakeonlan 46:3b:ad:61:e0:5d

and capturing the packet with tcpdump:

 tcpdump -i eth0 -w /tmp/bad.cap dst port 9

The ethernet destination MUST be ff:ff:ff:ff:ff:ff for broadcast, but is
mangled with 9e30ecf23b1b applied.

Revert the change made in 9e30ecf23b1b and ensure the MTU value for
broadcast routes is retained by calling ip_dst_init_metrics() directly,
avoiding the need to enter the main code block in rt_set_nexthop().

Simplify the code path taken for broadcast packets back to the original
before the regression, adding only the call to ip_dst_init_metrics().

The broadcast_pmtu.sh selftest provided with the original patch still
passes with this patch applied.

Fixes: 9e30ecf23b1b ("net: ipv4: fix incorrect MTU in broadcast routes")
Signed-off-by: Brett A C Sheffield <bacs@...recast.net>
---
 net/ipv4/route.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/net/ipv4/route.c b/net/ipv4/route.c
index f639a2ae881a..eaf78e128aca 100644
--- a/net/ipv4/route.c
+++ b/net/ipv4/route.c
@@ -2588,6 +2588,7 @@ static struct rtable *__mkroute_output(const struct fib_result *res,
 	do_cache = true;
 	if (type == RTN_BROADCAST) {
 		flags |= RTCF_BROADCAST | RTCF_LOCAL;
+		fi = NULL;
 	} else if (type == RTN_MULTICAST) {
 		flags |= RTCF_MULTICAST | RTCF_LOCAL;
 		if (!ip_check_mc_rcu(in_dev, fl4->daddr, fl4->saddr,
@@ -2657,8 +2658,12 @@ static struct rtable *__mkroute_output(const struct fib_result *res,
 			rth->dst.output = ip_mc_output;
 			RT_CACHE_STAT_INC(out_slow_mc);
 		}
+		if (type == RTN_BROADCAST) {
+			/* ensure MTU value for broadcast routes is retained */
+			ip_dst_init_metrics(&rth->dst, res->fi->fib_metrics);
+		}
 #ifdef CONFIG_IP_MROUTE
-		if (type == RTN_MULTICAST) {
+		else if (type == RTN_MULTICAST) {
 			if (IN_DEV_MFORWARD(in_dev) &&
 			    !ipv4_is_local_multicast(fl4->daddr)) {
 				rth->dst.input = ip_mr_input;

base-commit: 01b9128c5db1b470575d07b05b67ffa3cb02ebf1
-- 
2.49.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ