Kernel ignores RTAX_IFP if an exact RTAX_IFA match is found
>Synopsis: Kernel ignores RTAX_IFP if an exact RTAX_IFA match is found
System : OpenBSD 6.8
Details : OpenBSD 6.8-beta (GENERIC.MP) #64: Sun Sep 6 18:19:41 MDT 2020
Machine : amd64
If an RTM_ADD command on a routing socket includes an RTA_IFA sockaddr,
and that sockaddr is an exact match for one of the interfaces in the
relevant routing domain, the RTA_IFP sockaddr is ignored. If there are
multiple interfaces with the same IP address, this can cause packets to
be sent out the wrong interface.

I expected that an RTA_IFP sockaddr would always be honored. That is,
the route will always use the interface supplied, regardless of what the
other sockaddrs in the message are. If the kernel is not able to ensure
this, it should return an error.

Run these commands as root on a machine where vether0 and vether1 do not
exist, and on which the subnet 192.0.2.0/24 (reserved for documentation)
is not in use:

The last route command will show that the route to 192.0.2.6 goes
through vether0, even though vether1 was specifically requested.

Apply the following patch to the kernel, rebuild and install a new
kernel, and reboot the system.

If userspace passes an RTAX_IFP sockaddr, but the interface
requested by that sockaddr did not exist, it would be silently ignored.
This would result in packets being incorrectly routed. This change makes
write() fail with ENXIO instead. Furthermore, panic if the kernel chooses a
route that leads to an interface that differs from what the user requested.

sys/net/rtsock.c | 26 ++++++++++++++++++++------
1 file changed, 20 insertions(+), 6 deletions(-)
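
The selection order described in the report, next to the behaviour it asks for, as a simplified user-space model. This is an added example, not OpenBSD kernel code and not part of the original report; the function names, the interface table, the address 192.0.2.5 and the first-match-in-list-order rule are assumptions made for illustration.

```python
import errno

# Constructed interface table for one routing domain: both interfaces carry
# the same address (192.0.2.5 is a sample value, not taken from the report).
INTERFACES = [
    {"name": "vether0", "addrs": {"192.0.2.5"}},
    {"name": "vether1", "addrs": {"192.0.2.5"}},
]


def by_addr(ifa):
    """First interface holding exactly this address (list order is assumed)."""
    return next((i for i in INTERFACES if ifa in i["addrs"]), None)


def by_name(ifp):
    """Interface with this name, or None if it does not exist."""
    return next((i for i in INTERFACES if i["name"] == ifp), None)


def select_reported(ifp=None, ifa=None):
    """Reported behaviour: an exact IFA match wins and IFP is not consulted."""
    hit = by_addr(ifa) if ifa else None
    if hit is None and ifp:
        hit = by_name(ifp)
    return hit["name"] if hit else None


def select_strict(ifp=None, ifa=None):
    """Expected behaviour: a supplied IFP is binding, or the request fails."""
    if ifp is None:
        hit = by_addr(ifa) if ifa else None
        return hit["name"] if hit else None
    hit = by_name(ifp)
    if hit is None:
        # Mirrors the commit message: fail with ENXIO instead of ignoring IFP.
        raise OSError(errno.ENXIO, "requested interface does not exist")
    return hit["name"]


if __name__ == "__main__":
    print("reported:", select_reported(ifp="vether1", ifa="192.0.2.5"))
    print("strict:  ", select_strict(ifp="vether1", ifa="192.0.2.5"))
```

With duplicate addresses the reported order resolves to vether0 whatever IFP says, which is why a route check that only inspects the interface address cannot detect the mismatch.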