Message-ID: <1d44e105-77bd-42e7-81f5-6e235fd12554@6wind.com>
Date: Fri, 28 Nov 2025 09:38:07 +0100
From: Nicolas Dichtel <nicolas.dichtel@...nd.com>
To: azey <me@...y.net>
Cc: Jakub Kicinski <kuba@...nel.org>, David Ahern <dsahern@...nel.org>,
 "David S. Miller" <davem@...emloft.net>, Eric Dumazet <edumazet@...gle.com>,
 Paolo Abeni <pabeni@...hat.com>, Simon Horman <horms@...nel.org>,
 netdev <netdev@...r.kernel.org>, linux-kernel <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH v2] net/ipv6: allow device-only routes via the multipath
 API

On 27/11/2025 at 15:06, azey wrote:
> On 2025-11-27 08:58:59 +0100  Nicolas Dichtel <nicolas.dichtel@...nd.com> wrote:
>> I still think that there could be regressions because this commit changes the
>> default behavior.
> 
> I don't think it should - my reasoning is that any routes created via
> ip6_route_multipath_add() would always pass rt6_qualify_for_ecmp()
> before this patch anyway:
> - RAs get added as single routes via ip6_route_add(), so RTF_ADDRCONF
>   wouldn't be set
> - f6i->nh wouldn't be set, since:
>   - ip6_route_info_create_nh() only sets nh if cfg->fc_nh_id is set,
>     otherwise sets fib6_nh
>   - rtm_to_fib6_config() prevents RTA_NH_ID and RTA_MULTIPATH from being
>     set at the same time, and only sets fc_nh_id if RTA_NH_ID is set
> - f6i->fib6_nh->fib_nh_gw_family would always be set, as dev-only routes
>   were stopped by the check in rtm_to_fib6_multipath_config()
> 
> Did I get anything wrong? I should've probably included this in the commit
> message, sorry.
With IPv6, unlike IPv4, the ECMP next hops can be added one by one. Your commit
doesn't allow this:

$ ip -6 route add 2002::/64 via fd00:125::2 dev ntfp2
$ ip -6 route append 2002::/64 dev ntfp3
$ ip -6 route
2002::/64 via fd00:125::2 dev ntfp2 metric 1024 pref medium
2002::/64 dev ntfp3 metric 1024 pref medium
...
$ ip -6 route append 2002::/64 via fd00:175::2 dev ntfp3
$ ip -6 route
2002::/64 metric 1024 pref medium
        nexthop via fd00:125::2 dev ntfp2 weight 1
        nexthop via fd00:175::2 dev ntfp3 weight 1

Note that the previous route via ntfp3 has been removed.
