interesting routing bug...
Alexander V. Chernikov
melifaro at FreeBSD.org
Thu Jan 9 11:07:26 UTC 2014
On 09.01.2014 05:18, John-Mark Gurney wrote:
> Well, I was trying to manually add a route for a host on the local
> network (I can explain why, but it doesn't matter) and I got this:
Hello!
There are several different kernel & userland bugs :)
> # netstat -rnfinet
> Routing tables
>
> Internet:
> Destination Gateway Flags Netif Expire
> default 192.168.0.14 UGS re0
> 127.0.0.1 link#3 UH lo0
> 192.168.0.0/24 link#1 U re0
> 192.168.0.21 link#1 UHS lo0
> # route add -host 192.168.0.254 -interface re0 -link 04:4a:31:d3:95:dc
> add net 192.168.0.254: gateway re0
"-link" specifier assumes no parameter, so the next argument is treated
as netmask (since dst/gw are already supplied).
It is successfully parsed by getaddr() as AF_LINK sockaddr.
I've added additional check which requires dst/mask address families to
be equal (r260472).
Historically, our kernel is a bit relaxed on checking validness for
network masks:
it does not check family& does not perform usual (addr&mask == addr) check.
masked copy is performed instead. This is a bit tricky to fix since most
in-kernel consumers are supplying non-masked address.
I'm going to fix this soon.
> # netstat -rnfinet
> Routing tables
>
> Internet:
> Destination Gateway Flags Netif Expire
> 0.0.0.0&0x20500 90:2b:34:ab:bb:85 US re0
Basically kernel treats sockaddr_dl as non-contiguos mask.
> default 192.168.0.14 UGS re0
> 10.0.0.0/8 link#2 U msk0
> 10.42.42.21 link#2 UHS lo0
> 127.0.0.1 link#3 UH lo0
> 192.168.0.0/24 link#1 U re0
> 192.168.0.21 link#1 UHS lo0
> # route delete 0.0.0.0
> delete net 0.0.0.0
> # route flush
Our rtsock protocol does not provide rtable flush, so internally
route(8) does route dump for given table and issues RTF_DELETE messages
for every route.
It seems that non-contiguous masks are handled incorrectly here..
> :: localhost -fib 0 done
> ::ffff:0.0.0.0 localhost -fib 0 done
> fe80:: localhost -fib 0 done
> ff02:: localhost -fib 0 done
> # netstat -rnfinet
> Routing tables
>
> Internet:
> Destination Gateway Flags Netif Expire
> 0.0.0.0&0x20500 90:2b:34:ab:bb:85 US re0
> 127.0.0.1 link#3 UH lo0
> 192.168.0.0/24 link#1 U re0
> 192.168.0.21 link#1 UHS lo0
>
> So, as you can see, I have managed to add a bogus route w/o a way
> to remove it short of rebooting the box... And because of this route,
You should be able to delete this using exactly the same command
(s/add/del/).
> some hosts like svn0.us-west.freebsd.org will match causing the machine
> to try to find the ip on the local network.
>
> This route I assume should be rejected by the kernel and not added,
> or there is a mismatch between the route program and how the kernel
> understands it.
>
> I can provide more information upon request.
>
> Thanks.
>
More information about the freebsd-current
mailing list