thr3ads.net - freebsd stable - ppp routing bug ? [Oct 2017]

If this information is useful, please help other people find it:
Share via:

Eugene Grosbein

2017-Oct-26 22:16 UTC

ppp routing bug ?

27.10.2017 1:04, Mike Tancsa ?????:> On 10/26/2017 12:01 PM, Eugene Grosbein wrote:
>>
>> I would re-run ppp under ktrace to make sure while having "route
monitor" running around.
>> Then compare pids with kdump output.
> 
> I wonder if I copied and pasted from 2 different test sessions. Anyways,
> same PID when I re-ran the test and more importantly the same results
> (see pid.txt). The HOST flag is missing for some reason when the route
> is added by ppp vs via the shell
> 
> 29597 is the ppp process
> 
> 
> the borked route monitor looks like
> 
> got message of size 124 on Thu Oct 26 12:21:12 2017
> RTM_ADD: Add Route: len 124, pid: 29597, seq 2, errno 0,
> flags:<UP,GATEWAY,DONE,STATIC>
> locks:  inits:
> sockaddrs: <DST,GATEWAY>
>  192.168.134.2 64.7.128.7
> 
> 
> got message of size 196 on Thu Oct 26 12:21:13 2017
> RTM_CHANGE: Change Metrics or flags: len 196, pid: 29597, seq 5, errno
> 0, flags:<UP,DONE,STATIC>
> locks:  inits: <mtu>
> sockaddrs: <DST,GATEWAY,IFP,IFA>
>  192.168.134.2 64.7.128.7 tun0 98-159-244-185.agas1a-dynamic.dsl.sentex.ca
> 
> vs the one that works
> 
> got message of size 124 on Thu Oct 26 12:21:13 2017
> RTM_ADD: Add Route: len 124, pid: 29877, seq 1, errno 0,
> flags:<UP,GATEWAY,HOST,DONE,STATIC>
> locks:  inits:
> sockaddrs: <DST,GATEWAY>
>  192.168.136.1 64.7.128.7
> 
> 
> got message of size 196 on Thu Oct 26 12:21:13 2017
> RTM_CHANGE: Change Metrics or flags: len 196, pid: 29597, seq 8, errno
> 0, flags:<UP,DONE,STATIC>
> locks:  inits: <mtu>
> sockaddrs: <DST,GATEWAY,IFP,IFA>
>  192.168.136.1 64.7.128.7 tun0 98-159-244-185.agas1a-dynamic.dsl.sentex.ca
That makes sense: ppp send bogus request to the routing socket and
the request has not RTF_HOST flag nor RTA_NETMASK address.
It seems, earlier kernel code masked this bug somehow but it does not now.

Anyway, we have two bugs here: ppp sending bad request and kernel having
no enough checks for this somehow.

Fixing ppp part would be easy. Please try this patch:

--- usr.sbin/ppp/route.c.orig        2017-02-15 13:06:48.606161000 +0700
+++ usr.sbin/ppp/route.c     2017-10-27 05:14:44.006142000 +0700
@@ -801,8 +801,10 @@ rt_Set(struct bundle *bundle, int cmd, c
   if (!ncprange_ishost(dst)) {
     cp += memcpy_roundup(cp, &samask, samask.ss_len);
     rtmes.m_rtm.rtm_addrs |= RTA_NETMASK;
   }
+  else
+    rtmes.m_rtm.rtm_flags |= RTF_HOST;

   nb = cp - (char *)&rtmes;
   rtmes.m_rtm.rtm_msglen = nb;
   wb = ID0write(s, &rtmes, nb);
@@ -905,8 +907,10 @@ rt_Update(struct bundle *bundle, const s
   if (mask) {
     rtmes.m_rtm.rtm_addrs |= RTA_NETMASK;
     p += memcpy_roundup(p, mask, mask->sa_len);
   }
+  else
+    rtmes.m_rtm.rtm_flags |= RTF_HOST;

   if (ifa && ifp && ifp->sa_family == AF_LINK) {
     rtmes.m_rtm.rtm_addrs |= RTA_IFP;
     p += memcpy_roundup(p, ifp, ifp->sa_len);

Mike Tancsa

2017-Oct-27 15:36 UTC

head link

ppp routing bug ?

On 10/26/2017 6:16 PM, Eugene Grosbein wrote:> 27.10.2017 1:04, Mike Tancsa ?????:
>>
>> the borked route monitor looks like
>>
>> got message of size 124 on Thu Oct 26 12:21:12 2017
>> RTM_ADD: Add Route: len 124, pid: 29597, seq 2, errno 0,
>> flags:<UP,GATEWAY,DONE,STATIC>
>> locks:  inits:
>> sockaddrs: <DST,GATEWAY>
>>  192.168.134.2 64.7.128.7
>>
>>
>> got message of size 196 on Thu Oct 26 12:21:13 2017
>> RTM_CHANGE: Change Metrics or flags: len 196, pid: 29597, seq 5, errno
>> 0, flags:<UP,DONE,STATIC>
>> locks:  inits: <mtu>
>> sockaddrs: <DST,GATEWAY,IFP,IFA>
>>  192.168.134.2 64.7.128.7 tun0
98-159-244-185.agas1a-dynamic.dsl.sentex.ca
> 
> That makes sense: ppp send bogus request to the routing socket and
> the request has not RTF_HOST flag nor RTA_NETMASK address.
> It seems, earlier kernel code masked this bug somehow but it does not now.
> 
> Anyway, we have two bugs here: ppp sending bad request and kernel having
> no enough checks for this somehow.
> 
> Fixing ppp part would be easy. Please try this patch:
Thanks, that seems to restore the earlier functionality!

	---Mike



-- 
-------------------
Mike Tancsa, tel +1 519 651 3400
Sentex Communications, mike at sentex.net
Providing Internet services since 1994 www.sentex.net
Cambridge, Ontario Canada   http://www.tancsa.com/

Mike Tancsa

2017-Oct-30 13:57 UTC

head link

ppp routing bug ?

On 10/26/2017 6:16 PM, Eugene Grosbein wrote:> 
> That makes sense: ppp send bogus request to the routing socket and
> the request has not RTF_HOST flag nor RTA_NETMASK address.
> It seems, earlier kernel code masked this bug somehow but it does not now.
> 
> Anyway, we have two bugs here: ppp sending bad request and kernel having
> no enough checks for this somehow.
> 
> Fixing ppp part would be easy. Please try this patch:

Hi, Thanks again for the fix.
	Any chance of committing this to HEAD and then an MFC ?

	---Mike


-- 
-------------------
Mike Tancsa, tel +1 519 651 3400
Sentex Communications, mike at sentex.net
Providing Internet services since 1994 www.sentex.net
Cambridge, Ontario Canada   http://www.tancsa.com/

freebsd stable - Oct 2017 - ppp routing bug ?

ppp routing bug ?

ppp routing bug ?

ppp routing bug ?