Message ID | m1sjv2qt68.fsf@fess.ebiederm.org |
---|---|
State | Not Applicable, archived |
On 03/04/2011 04:58 PM, Eric W. Biederman wrote:

>
> Which if fails now if you happen to be running tftp-hpa on a secondary
> ip address on the same subnet as your first ip. Because pref_source
> in the routing table points at the first ip.
>
> The change in kernel behavior appears to be from the commit below to
> honor the preferred source address in local connections.
>

If this is done for all local connections (as opposed to the ones that have been configured explicitly by the administrator to behave that way), that's a massive lossage. Not only does a large number of applications use this trick to determine if an address is local (e.g. allowing bypass) -- it is pretty much the only portable way to do it -- but it would cause applications which expect to get a reply back from the same address they sent a request to to completely fall on their face.

tftp-hpa needs this information in order to handle clients that send their initial request to a broadcast (or multicast) address.

> This all seems very fuzzy to me and mostly this appears to be a bug in
> tftp-hpa but since I tracked it down I figured I would let everyone
> know what happened.

This seems like a broken change to me, or at the very least having seriously unintended consequences.

-hpa

--
To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
From: "H. Peter Anvin" <hpa@zytor.com>
Date: Fri, 04 Mar 2011 17:31:00 -0800

> If this is done for all local connections (as opposed to the ones that
> have been configured explicitly by the administrator to behave that
> way), that's a massive lossage. Not only does a large number of
> applications use this trick to determine if an address is local (e.g.
> allowing bypass) -- it is pretty much the only portable way to do it --
> but it would cause applications which expect to get a reply back from
> the same address they sent a request to to completely fall on their face.

Actually this is what SOL_IP, IP_PKTINFO, was created for. Even glibc uses it.
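The IP_PKTINFO approach named in the reply above, as an added example (not code from this thread, from tftp-hpa or from the kernel): a wildcard-bound UDP socket reads each datagram's destination address from the control message, so the answer does not depend on which source address the kernel picks for local routes. The function names, the 127.0.0.2 address and the "RRQ" payload are constructed for the demo; Linux with a working loopback interface is assumed.

```c
#define _GNU_SOURCE                 /* exposes struct in_pktinfo in glibc headers */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Receive one datagram and report the address it was sent TO (ipi_addr). */
static ssize_t recv_dst(int fd, void *buf, size_t len,
                        struct sockaddr_in *peer, struct in_addr *dst)
{
    union { char b[CMSG_SPACE(sizeof(struct in_pktinfo))]; struct cmsghdr a; } c;
    struct iovec iov = { buf, len };
    struct msghdr m = { .msg_name = peer, .msg_namelen = sizeof *peer, .msg_iov = &iov,
                        .msg_iovlen = 1, .msg_control = c.b, .msg_controllen = sizeof c.b };
    ssize_t n = recvmsg(fd, &m, 0);
    if (n < 0 || (m.msg_flags & MSG_CTRUNC)) return -1;
    for (struct cmsghdr *h = CMSG_FIRSTHDR(&m); h; h = CMSG_NXTHDR(&m, h))
        if (h->cmsg_level == IPPROTO_IP && h->cmsg_type == IP_PKTINFO) {
            struct in_pktinfo pi;
            memcpy(&pi, CMSG_DATA(h), sizeof pi);
            *dst = pi.ipi_addr;     /* destination address from the IP header */
            return n;
        }
    return -1;                      /* no pktinfo: fail rather than guess */
}

/* Constructed loopback demo: 1 = destination recovered, 0 = mismatch, -1 = error. */
int demo_dst(void)
{
    int on = 1, r = -1, srv = socket(AF_INET, SOCK_DGRAM, 0), cli = socket(AF_INET, SOCK_DGRAM, 0);
    struct sockaddr_in a = { .sin_family = AF_INET }, peer;  /* 0.0.0.0, port 0 */
    socklen_t alen = sizeof a;
    struct in_addr dst = { 0 };
    char buf[16];
    if (srv >= 0 && cli >= 0 &&
        !bind(srv, (struct sockaddr *)&a, sizeof a) &&
        !setsockopt(srv, IPPROTO_IP, IP_PKTINFO, &on, sizeof on) &&
        !getsockname(srv, (struct sockaddr *)&a, &alen)) {
        a.sin_addr.s_addr = inet_addr("127.0.0.2");  /* constructed: any 127/8 address is local */
        if (sendto(cli, "RRQ", 3, 0, (struct sockaddr *)&a, sizeof a) == 3 &&
            recv_dst(srv, buf, sizeof buf, &peer, &dst) == 3)
            r = dst.s_addr == a.sin_addr.s_addr;
    }
    if (srv >= 0) close(srv);
    if (cli >= 0) close(cli);
    return r;
}

int main(void) { return demo_dst() == 1 ? 0 : 1; }
```

A server that must answer from the address the client used can pass the recovered address back in `ipi_spec_dst` of an IP_PKTINFO control message on `sendmsg()`.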
diff --git a/net/ipv4/route.c b/net/ipv4/route.c index df948b0..93bfd95 100644 --- a/net/ipv4/route.c +++ b/net/ipv4/route.c @@ -2649,8 +2649,12 @@ static int ip_route_output_slow(struct net *net, struct rtable **rp, } if (res.type == RTN_LOCAL) { - if (!fl.fl4_src) - fl.fl4_src = fl.fl4_dst; + if (!fl.fl4_src) { + if (res.fi->fib_prefsrc) + fl.fl4_src = res.fi->fib_prefsrc; + else + fl.fl4_src = fl.fl4_dst; + } dev_out = net->loopback_dev; fl.oif = dev_out->ifindex;
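Review bot: in the new inner branch, `fl.fl4_src = res.fi->fib_prefsrc` applies to every RTN_LOCAL result with an unset source, so a lookup whose destination is a secondary local address no longer gets that address back as its source. Nothing in the hunk limits this to routes where a preferred source was configured on purpose, and no comment records the behaviour change; a caller that compares the chosen source with the destination to decide whether an address is local will now see a mismatch. Suggest a comment above the `if (res.fi->fib_prefsrc)` test stating the intended semantics, plus a changelog note that servers needing the request's destination address should read it from IP_PKTINFO. Also worth confirming that `res.fi` is always set when `res.type == RTN_LOCAL`, since it is dereferenced here without a check.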