Bug in Linux 2.5.74 IPv6 routing

Jean-Luc Richier (Jean-Luc.Richier@imag.fr)
Wed, 9 Jul 2003 19:52:37 +0200

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Marc-Christian Petersen: "Re: ->direct_IO API change in current 2.4 BK"
Previous message: Benjamin Herrenschmidt: "Re: [Linux-fbdev-devel] fbdev and power management"

There is a bug in IPv6 route calculation since kernel 2.5.71. It affects
all routes with prefix length != 0 (mod 8)
The bug is as follows:
do: ip -6 route add 2000::/3 via 2001:688:121:10::1
ip -6 route
It shows a route for ::/3, not for 2000::/3

The bug was introduced when changing function ipv6_addr_prefix to inline
status (and moving it from net/ipv6/route.c to include/net/ipv6.h).

At the same time the = and the memset in the function have been swapped.
(cf patch 1 below). With the new code, with a prefix length = 3, the
function first sets the correct value in pfx->s6_addr[0] and AFTER does a
memset(pfx->s6_addr + 0, 0, 16 - 0) which overwrites pfx->s6_addr[0].
The previous was doing the memset first.

There are 2 solutions to correct this bug:
- The first solution is to restore the order between = and memset (see patch 1).
But I suppose that there is a reason for this swap. In fact the old code does
not work if the 2 addr arguments are equal, the new code (corrected) works.
- So I suggest an other solution (see patch 2): if the prefix length is not
0 mod 8, increase o, as pfx->s6_addr[o) is already set.

PATCH 1: (reverse to previous code)
--- linux-2.5.74/include/net/ipv6.h.DIST 2003-07-02 22:53:44.000000000 +0200
+++ linux-2.5.74/include/net/ipv6.h 2003-07-09 19:03:13.195128011 +0200
@@ -276,10 +276,10 @@
b = plen & 0x7;

memcpy(pfx->s6_addr, addr, o);
- if (b != 0)
- pfx->s6_addr[o] = addr->s6_addr[o] & (0xff00 >> b);
if (o < 16)
memset(pfx->s6_addr + o, 0, 16 - o);
+ if (b != 0)
+ pfx->s6_addr[o] = addr->s6_addr[o] & (0xff00 >> b);
}

#ifndef __HAVE_ARCH_ADDR_SET

PATCH 2: avoid overwriting the set value
--- linux-2.5.74/include/net/ipv6.h.DIST 2003-07-02 22:53:44.000000000 +0200
+++ linux-2.5.74/include/net/ipv6.h 2003-07-09 18:51:25.000000000 +0200
@@ -276,8 +276,10 @@
b = plen & 0x7;

memcpy(pfx->s6_addr, addr, o);
- if (b != 0)
+ if (b != 0) {
pfx->s6_addr[o] = addr->s6_addr[o] & (0xff00 >> b);
+ o++;
+ }
if (o < 16)
memset(pfx->s6_addr + o, 0, 16 - o);
}

-- 
Jean-Luc RICHIER (Jean-Luc.Richier@Imag.Fr  richier@imag.fr)
Laboratoire Logiciels, Systemes et Reseaux (LSR-IMAG)
IMAG-CAMPUS, BP 72, F-38402 St Martin d'Heres Cedex
Tel : +33 4 76 82 72 32 Fax : +33 4 76 82 72 87
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Next message: Marc-Christian Petersen: "Re: ->direct_IO API change in current 2.4 BK"
Previous message: Benjamin Herrenschmidt: "Re: [Linux-fbdev-devel] fbdev and power management"