Re: interesting routing bug...

From: Alexander V. Chernikov <melifaro_at_FreeBSD.org>
Date: Thu, 09 Jan 2014 15:04:21 +0400
On 09.01.2014 05:18, John-Mark Gurney wrote:
> Well, I was trying to manually add a route for a host on the local
> network (I can explain why, but it doesn't matter) and I got this:
Hello!
There are several different kernel & userland bugs :)

> # netstat -rnfinet
> Routing tables
>
> Internet:
> Destination        Gateway            Flags    Netif Expire
> default            192.168.0.14       UGS       re0
> 127.0.0.1          link#3             UH        lo0
> 192.168.0.0/24     link#1             U         re0
> 192.168.0.21       link#1             UHS       lo0
> # route add -host 192.168.0.254 -interface re0 -link 04:4a:31:d3:95:dc
> add net 192.168.0.254: gateway re0
"-link" specifier assumes no parameter, so the next argument is treated 
as netmask (since dst/gw are already supplied).
It is successfully parsed by getaddr() as AF_LINK sockaddr.

I've added additional check which requires dst/mask address families to 
be equal (r260472).

Historically, our kernel is a bit relaxed on checking validness for 
network masks:
it does not check family& does not perform usual (addr&mask == addr) check.
masked copy is performed instead. This is a bit tricky to fix since most 
in-kernel consumers are supplying non-masked address.
I'm going to fix this soon.


> # netstat -rnfinet
> Routing tables
>
> Internet:
> Destination        Gateway            Flags    Netif Expire
> 0.0.0.0&0x20500    90:2b:34:ab:bb:85  US        re0
Basically kernel treats sockaddr_dl as non-contiguos mask.
> default            192.168.0.14       UGS       re0
> 10.0.0.0/8         link#2             U        msk0
> 10.42.42.21        link#2             UHS       lo0
> 127.0.0.1          link#3             UH        lo0
> 192.168.0.0/24     link#1             U         re0
> 192.168.0.21       link#1             UHS       lo0
> # route delete 0.0.0.0
> delete net 0.0.0.0
> # route flush
Our rtsock protocol does not provide rtable flush, so internally 
route(8) does route dump for given table and issues RTF_DELETE messages 
for every route.
It seems that non-contiguous masks are handled incorrectly here..
> ::                   localhost            -fib 0   done
> ::ffff:0.0.0.0       localhost            -fib 0   done
> fe80::               localhost            -fib 0   done
> ff02::               localhost            -fib 0   done
> # netstat -rnfinet
> Routing tables
>
> Internet:
> Destination        Gateway            Flags    Netif Expire
> 0.0.0.0&0x20500    90:2b:34:ab:bb:85  US        re0
> 127.0.0.1          link#3             UH        lo0
> 192.168.0.0/24     link#1             U         re0
> 192.168.0.21       link#1             UHS       lo0
>
> So, as you can see, I have managed to add a bogus route w/o a way
> to remove it short of rebooting the box...  And because of this route,
You should be able to delete this using exactly the same command 
(s/add/del/).
> some hosts like svn0.us-west.freebsd.org will match causing the machine
> to try to find the ip on the local network.
>
> This route I assume should be rejected by the kernel and not added,
> or there is a mismatch between the route program and how the kernel
> understands it.
>
> I can provide more information upon request.
>
> Thanks.
>
Received on Thu Jan 09 2014 - 10:07:26 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:40:46 UTC