ioctl SIOCGIFNETMASK: ip alias bug 2.4.9 and 2.2.19

ioctl SIOCGIFNETMASK: ip alias bug 2.4.9 and 2.2.19

Post by Matthias Andre » Fri, 07 Sep 2001 01:30:12



-----BEGIN PGP SIGNED MESSAGE-----

Dear network experts, dear lurkers,

Wietse Venema and I are wondering about different Linux 2.2/2.4 and
FreeBSD 4.4-RC behaviour when using ioctls to figure interface netmasks,
FreeBSD gets it right, Linux 2.4.9 and 2.4.9-ac7 get it wrong, and from
looking at the source, I think, Linux 2.2.19 gets it wrong as well.

Please Cc: replies back, I'm not on the -net list, and I'm not sure if
Wietse is on either list.

In either case, inet_addr_local, which Postfix uses to figure local
address/netmask pairs, does this:

1. obtain SIOCGIFCONF list
2. for each AF_INET entry in the list from (1.), do:
   2.1 pull out the address from ifr and store it away
   2.2 copy the whole request to an ifr_mask structure
   2.3 ioctl(somesocket, SIOCGIFNETMASK, ifr_mask)
   2.4 pull out the mask and store it away

Example:

FreeBSD 4.4-RC:

# ifconfig xl0 alias 192.168.1.1/28    # add alias
# ifconfig xl0                         # display, only relevant part quoted
xl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 192.168.0.4 netmask 0xffffff00 broadcast 192.168.0.255
        inet 192.168.1.1 netmask 0xfffffff0 broadcast 192.168.1.15
# ./inet_addr_local # what Postfix figures
192.168.0.4/255.255.255.0
192.168.1.1/255.255.255.240
127.0.0.1/255.0.0.0

- -> works.

Linux:

# ip addr add 192.168.1.1/28 dev eth0  # add alias without label eth0:0
# ip addr show dev eth0                #
2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
    link/ether 00:60:08:6f:8a:5e brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.1/24 brd 192.168.0.255 scope global eth0
    inet 192.168.1.1/28 scope global eth0
# ./inet_addr_local
127.0.0.1/255.0.0.0
192.168.0.1/255.255.255.0
192.168.1.1/255.255.255.0

- -> oops, 192.168.1.1 got wrong netmask.

Digging with gdb on either platform, the interface name is xl0 for all
addresses on FreeBSD (no :0 or something) and eth0 on Linux (no :0 or
something). There is no platform-dependent code in inet_addr_local.

Looking at FreeBSD's Kernel source, FreeBSD iterates over the addresses:
/usr/src/sys/netinet/in.c, function in_control, ll. 189ff in my version,
comparing against ifr_addr.

Looking at Linux' Kernel source, Linux 2.4.9 compares just the ifr_name,
/usr/src/linux/net/ipv4/devinet.c, function devinet_ioctl, ll.  463 ff.
in 2.4.9, so Linux always returns the mask for the first address, not
the mask for the requested address. This doesn't matter as long as
eth0:0-style aliases are configured with ifconfig, but it does matter as
soon as ip comes into play and both addresses are assigned to eth0
rather than eth0 and eth0:0.

I believe this would require fixing for compatibility reasons, in the
sense that the address is also compared to figure the interface, but I'm
out of time now and cannot try anything before tomorrow, I'd happily
test patches sent by then.

Would net/ipv4/devinet.c be the only place to fix or are there other
places that do also need fixing?

Non-Postfix guys: Here's how to build inet_addr_local:

1. fetch /mirrors/postfix-release/official/postfix-20010228-pl04.tar.gz
   from ftp.porcupine.org
2. unpack the sources, then do:
   make Makefiles ; cd src/util ; make inet_addr_local
3. add an IP alias to any network (eth in my case), but let it have a
   different netmask than the primary address of the net.

Thanks a lot in advance!

Cheers,

- --
Matthias Andree
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: Weitere Infos: siehe http://www.gnupg.org

iQCVAwUBO5ZQgydEoB0mv1ypAQEzvAP+IMWRaKR+Bvzxbhd/fJCNR8oq//U06kP3
mg1KIoOKX3PBfNkxIZW4l+oTt9wxHAXHJUJ1W6w3T43xlBlcHi4Y70XNKqbyCFiB
n6l+q0JFHv+qV4pWxJCG1sz20nrwK/nUwf+5nxcGAdetPnPBXpndGtiX66nzNtka
NGO38uOvIuA=
=587q
-----END PGP SIGNATURE-----
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in

More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

 
 
 

ioctl SIOCGIFNETMASK: ip alias bug 2.4.9 and 2.2.19

Post by Christopher Friese » Fri, 07 Sep 2001 03:30:19



> Wietse Venema and I are wondering about different Linux 2.2/2.4 and
> FreeBSD 4.4-RC behaviour when using ioctls to figure interface netmasks,
> FreeBSD gets it right, Linux 2.4.9 and 2.4.9-ac7 get it wrong, and from
> looking at the source, I think, Linux 2.2.19 gets it wrong as well.
> Looking at Linux' Kernel source, Linux 2.4.9 compares just the ifr_name,
> /usr/src/linux/net/ipv4/devinet.c, function devinet_ioctl, ll.  463 ff.
> in 2.4.9, so Linux always returns the mask for the first address, not
> the mask for the requested address. This doesn't matter as long as
> eth0:0-style aliases are configured with ifconfig, but it does matter as
> soon as ip comes into play and both addresses are assigned to eth0
> rather than eth0 and eth0:0.

I think the silence you are hearing from the lkml is a bunch of people thinking
"Oh, crap!".

Chris

--
Chris Friesen                    | MailStop: 043/33/F10  
Nortel Networks                  | work: (613) 765-0557
3500 Carling Avenue              | fax:  (613) 765-2986

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in

More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

 
 
 

ioctl SIOCGIFNETMASK: ip alias bug 2.4.9 and 2.2.19

Post by Alan Co » Fri, 07 Sep 2001 03:40:08


Quote:> > the mask for the requested address. This doesn't matter as long as
> > eth0:0-style aliases are configured with ifconfig, but it does matter as
> > soon as ip comes into play and both addresses are assigned to eth0
> > rather than eth0 and eth0:0.

> I think the silence you are hearing from the lkml is a bunch of people thinking
> "Oh, crap!".

Actually its probably a bunch of people thinking "I wonder if someone else

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in

More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/
 
 
 

ioctl SIOCGIFNETMASK: ip alias bug 2.4.9 and 2.2.19

Post by Wietse Vene » Fri, 07 Sep 2001 06:30:10


On a more serious note, what portable primitives does Linux offer
to look up all interface IP addresses and their corresponding
netmasks?

The primitives used in Postfix work on all supported systems, except
for Linux where they work partially.

Portability is a relative thing - it would be wonderful already if
your primitive supports the past three years of kernel releases.

        Wietse

Alan Cox:

> > > the mask for the requested address. This doesn't matter as long as
> > > eth0:0-style aliases are configured with ifconfig, but it does matter as
> > > soon as ip comes into play and both addresses are assigned to eth0
> > > rather than eth0 and eth0:0.

> > I think the silence you are hearing from the lkml is a bunch of people thinking
> > "Oh, crap!".

> Actually its probably a bunch of people thinking "I wonder if someone else


-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in

More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/
 
 
 

ioctl SIOCGIFNETMASK: ip alias bug 2.4.9 and 2.2.19

Post by Matthias Andre » Fri, 07 Sep 2001 22:20:08


Andi Kleen schrieb am Mittwoch, den 05. September 2001:

Quote:> Even if it checked the address it would not be unique because you can
> have multiple interfaces with the same addresses but different
> netmasks.  The SIOCGIFNETMASK interface is just broken. If you really

Well, I cannot configure the same address/netmask pair more than once
for the same interface, I'm getting "file exists" back from the ip
command. FreeBSD looks up the name/address pair.

Quote:> wanted it you should use rtnetlink instead, which allows multiple
> answers to a single question.  Likely postfix doesn't really need it
> though, the concept of checking for "local" address is pretty dubious
> and likely to be incorrect for many cases.

Well, Postfix used to look at the addresses and deduce the network class
for that, but there have been many complaints by people that this would
get subnets wrong. A couple of months ago, Postfix has started to look
up the netmasks as well.

--
Matthias Andree
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in

More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

 
 
 

ioctl SIOCGIFNETMASK: ip alias bug 2.4.9 and 2.2.19

Post by Matthias Andre » Fri, 07 Sep 2001 23:20:09



> Andi, it's right to the point.

It's false.

Quote:> The only one good reason for an SMTP server to bother about IP addresses at
> all is a quick check for mail loops, i.e. a check at the moment of opening
> TCP connection to send a message whether your peer is yourself.
> Bothering about network masks just doesn't have any valid grounds.
> It's not possible to answer the right question (whether you talk to yourself)
> inspecting IP addresses.
> In the original example, mail systems on 192.168.0.4 and 192.168.1.1 may be
> different.

I'm not sure where and why you deduce the idea this is about MTA loop
detection or peer recognition.

Any application that uses SIOCGIFNETMASK would do, it just happened that
Postfix's inet_addr_local was the tool I used when I found out the
sysctl had returned the first netmask for the second address on Linux,
but not on FreeBSD.

Quote:> So, the very right way of doing things is:
>  - make admin specify the listening addresses for a mail system in the
>    configuration and use them to check for loops;

Or just use IPADDR_ANY...

Quote:>  - never try to learn anything about networking configuration.

...which is wrong, because the MTA must know its own IP addresses to
accept domain literals, and SIOCGIFCONF works and returns all addresses,
it just happens that looking up the second and subsequent masks fails.
Please see RFC-1123, section 5.2.17, for details.

--
Matthias Andree
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in

More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

 
 
 

ioctl SIOCGIFNETMASK: ip alias bug 2.4.9 and 2.2.19

Post by Andi Klee » Sat, 08 Sep 2001 03:40:10


[Sending a similar mail for the third time now; you conveniently chosed
to ignore all earlier ones of me in the discussion. I will not send another
one, but just quietly think "Wietse is a moron" before forgetting the issue]


> On a more serious note, what portable primitives does Linux offer
> to look up all interface IP addresses and their corresponding
> netmasks?

man rtnetlink 7

Quote:> The primitives used in Postfix work on all supported systems, except
> for Linux where they work partially.

> Portability is a relative thing - it would be wonderful already if
> your primitive supports the past three years of kernel releases.

It does (Since 2.1.x;x>=2x or so)

-Andi
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in

More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

 
 
 

ioctl SIOCGIFNETMASK: ip alias bug 2.4.9 and 2.2.19

Post by Wietse Vene » Sat, 08 Sep 2001 04:00:11


Andi Kleen:

Quote:> [Sending a similar mail for the third time now; you conveniently chosed
> to ignore all earlier ones of me in the discussion. I will not send another
> one, but just quietly think "Wietse is a moron" before forgetting the issue]

Oh, come on. I was asking for more than RTFM.


> > On a more serious note, what portable primitives does Linux offer
> > to look up all interface IP addresses and their corresponding
> > netmasks?

> man rtnetlink 7

It's not portable as you may believe.


    No manual entry for rtnetlink

This was released only three years ago.

But it does not matter. The code needs to be written anyway.

Do you have more to share than RFTM? Pointers to code?

        Wietse
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in

More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

 
 
 

ioctl SIOCGIFNETMASK: ip alias bug 2.4.9 and 2.2.19

Post by Andi Klee » Sat, 08 Sep 2001 04:10:06




> > > On a more serious note, what portable primitives does Linux offer
> > > to look up all interface IP addresses and their corresponding
> > > netmasks?

> > man rtnetlink 7

> It's not portable as you may believe.

The man pages are actually came years later than the code due to some accidents.
That doesn't change the existence of the code.


>     No manual entry for rtnetlink

> This was released only three years ago.

> But it does not matter. The code needs to be written anyway.

> Do you have more to share than RFTM? Pointers to code?

Most prominent example is iproute2. It should be included as source with any
recent linux distribution. Others are zebra or bird.

-Andi
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in

More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

 
 
 

ioctl SIOCGIFNETMASK: ip alias bug 2.4.9 and 2.2.19

Post by Matthias Andre » Sat, 08 Sep 2001 20:20:11


Henning P. Schmiedehausen schrieb am Freitag, den 07. September 2001:


> % cd /home/distribution/RedHat-5.2/i386/
> % ls -la kernel*
> -r--r--r--    1 root     root      2216232 Oct 14  1998 kernel-2.0.36-0.7.i386.rpm
> You don't _WANT_ to listen, do you? Andi told you many times, that
> this is an Linux 2.1+ API. RH 5.2 is a 2.0 distribution. Of course,

So Postfix would still need the code for the -2.0 (BSD) API...
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in

More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/