[PATCH iproute2] iproute get: force rtm_dst_len to 32/128

[PATCH iproute2] iproute get: force rtm_dst_len to 32/128

[Luca Boccassi]

Since NETLINK_GET_STRICT_CHK was enabled, the kernel rejects commands
that pass a prefix length, eg:

 ip route get `1.0.0.0/1
  Error: ipv4: Invalid values in header for route get request.
 ip route get 0.0.0.0/0
  Error: ipv4: rtm_src_len and rtm_dst_len must be 32 for IPv4

Since there's no point in setting a rtm_dst_len that we know is going
to be rejected, just force it to the right value if it's passed on
the command line.

Bug-Debian: https://bugs.debian.org/944730
Reported-By: Clément 'wxcafé' Hertling <wxcafe@wxcafe.net>
Signed-off-by: Luca Boccassi <bluca@debian.org>
---
As mentioned by David on:

https://www.spinics.net/lists/netdev/msg624125.html

 ip/iproute.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/ip/iproute.c b/ip/iproute.c
index ebb5f160..3646d531 100644
--- a/ip/iproute.c
+++ b/ip/iproute.c
@@ -2069,7 +2069,12 @@ static int iproute_get(int argc, char **argv)
 			if (addr.bytelen)
 				addattr_l(&req.n, sizeof(req),
 					  RTA_DST, &addr.data, addr.bytelen);
-			req.r.rtm_dst_len = addr.bitlen;
+			if (req.r.rtm_family == AF_INET)
+				req.r.rtm_dst_len = 32;
+			else if (req.r.rtm_family == AF_INET6)
+				req.r.rtm_dst_len = 128;
+			else
+				req.r.rtm_dst_len = addr.bitlen;
 			address_found = true;
 		}
 		argc--; argv++;
-- 
2.29.2

Re: [PATCH iproute2] iproute get: force rtm_dst_len to 32/128

[David Ahern]

On 1/24/21 8:53 AM, Luca Boccassi wrote:
> Since NETLINK_GET_STRICT_CHK was enabled, the kernel rejects commands
> that pass a prefix length, eg:
> 
>  ip route get `1.0.0.0/1
>   Error: ipv4: Invalid values in header for route get request.
>  ip route get 0.0.0.0/0
>   Error: ipv4: rtm_src_len and rtm_dst_len must be 32 for IPv4

Those are not the best responses from the kernel for the mask setting. I
should have been clearer about src and dst masks.

> 
> Since there's no point in setting a rtm_dst_len that we know is going
> to be rejected, just force it to the right value if it's passed on
> the command line.
> 
> Bug-Debian: https://bugs.debian.org/944730
> Reported-By: Clément 'wxcafé' Hertling <wxcafe@wxcafe.net>
> Signed-off-by: Luca Boccassi <bluca@debian.org>
> ---
> As mentioned by David on:
> 
> https://www.spinics.net/lists/netdev/msg624125.html
> 
>  ip/iproute.c | 7 ++++++-
>  1 file changed, 6 insertions(+), 1 deletion(-)
> 
> diff --git a/ip/iproute.c b/ip/iproute.c
> index ebb5f160..3646d531 100644
> --- a/ip/iproute.c
> +++ b/ip/iproute.c
> @@ -2069,7 +2069,12 @@ static int iproute_get(int argc, char **argv)
>  			if (addr.bytelen)
>  				addattr_l(&req.n, sizeof(req),
>  					  RTA_DST, &addr.data, addr.bytelen);
> -			req.r.rtm_dst_len = addr.bitlen;
> +			if (req.r.rtm_family == AF_INET)
> +				req.r.rtm_dst_len = 32;
> +			else if (req.r.rtm_family == AF_INET6)
> +				req.r.rtm_dst_len = 128;
> +			else
> +				req.r.rtm_dst_len = addr.bitlen;
>  			address_found = true;
>  		}
>  		argc--; argv++;
> 

Since the kernel used to blindly ignore the mask, having iproute2 fix it
up seems acceptable.

I think it would be good to educate the user about invalid settings as
well - get them to fix scripts and mind set.

[PATCH iproute2 v2] iproute: force rtm_dst_len to 32/128

[Luca Boccassi]

Since NETLINK_GET_STRICT_CHK was enabled, the kernel rejects commands
that pass a prefix length, eg:

 ip route get `1.0.0.0/1
  Error: ipv4: Invalid values in header for route get request.
 ip route get 0.0.0.0/0
  Error: ipv4: rtm_src_len and rtm_dst_len must be 32 for IPv4

Since there's no point in setting a rtm_dst_len that we know is going
to be rejected, just force it to the right value if it's passed on
the command line. Print a warning to stderr to notify users.

Bug-Debian: https://bugs.debian.org/944730
Reported-By: Clément 'wxcafé' Hertling <wxcafe@wxcafe.net>
Signed-off-by: Luca Boccassi <bluca@debian.org>
---
v2: added a warning

 ip/iproute.c | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/ip/iproute.c b/ip/iproute.c
index ebb5f160..8d4d2ff8 100644
--- a/ip/iproute.c
+++ b/ip/iproute.c
@@ -2069,7 +2069,18 @@ static int iproute_get(int argc, char **argv)
 			if (addr.bytelen)
 				addattr_l(&req.n, sizeof(req),
 					  RTA_DST, &addr.data, addr.bytelen);
-			req.r.rtm_dst_len = addr.bitlen;
+			if (req.r.rtm_family == AF_INET && addr.bitlen != 32) {
+				fprintf(stderr,
+					"Warning: /%u as prefix is invalid, only /32 (or none) is supported.\n",
+					addr.bitlen);
+				req.r.rtm_dst_len = 32;
+			} else if (req.r.rtm_family == AF_INET6 && addr.bitlen != 128) {
+				fprintf(stderr,
+					"Warning: /%u as prefix is invalid, only /128 (or none) is supported.\n",
+					addr.bitlen);
+				req.r.rtm_dst_len = 128;
+			} else
+				req.r.rtm_dst_len = addr.bitlen;
 			address_found = true;
 		}
 		argc--; argv++;
-- 
2.29.2

Re: [PATCH iproute2] iproute get: force rtm_dst_len to 32/128

[Luca Boccassi]

On Sun, 24 Jan 2021 at 17:26, David Ahern <dsahern@gmail.com> wrote:
>
> On 1/24/21 8:53 AM, Luca Boccassi wrote:
> > Since NETLINK_GET_STRICT_CHK was enabled, the kernel rejects commands
> > that pass a prefix length, eg:
> >
> >  ip route get `1.0.0.0/1
> >   Error: ipv4: Invalid values in header for route get request.
> >  ip route get 0.0.0.0/0
> >   Error: ipv4: rtm_src_len and rtm_dst_len must be 32 for IPv4
>
> Those are not the best responses from the kernel for the mask setting. I
> should have been clearer about src and dst masks.
>
> >
> > Since there's no point in setting a rtm_dst_len that we know is going
> > to be rejected, just force it to the right value if it's passed on
> > the command line.
> >
> > Bug-Debian: https://bugs.debian.org/944730
> > Reported-By: Clément 'wxcafé' Hertling <wxcafe@wxcafe.net>
> > Signed-off-by: Luca Boccassi <bluca@debian.org>
> > ---
> > As mentioned by David on:
> >
> > https://www.spinics.net/lists/netdev/msg624125.html
> >
> >  ip/iproute.c | 7 ++++++-
> >  1 file changed, 6 insertions(+), 1 deletion(-)
> >
> > diff --git a/ip/iproute.c b/ip/iproute.c
> > index ebb5f160..3646d531 100644
> > --- a/ip/iproute.c
> > +++ b/ip/iproute.c
> > @@ -2069,7 +2069,12 @@ static int iproute_get(int argc, char **argv)
> >                       if (addr.bytelen)
> >                               addattr_l(&req.n, sizeof(req),
> >                                         RTA_DST, &addr.data, addr.bytelen);
> > -                     req.r.rtm_dst_len = addr.bitlen;
> > +                     if (req.r.rtm_family == AF_INET)
> > +                             req.r.rtm_dst_len = 32;
> > +                     else if (req.r.rtm_family == AF_INET6)
> > +                             req.r.rtm_dst_len = 128;
> > +                     else
> > +                             req.r.rtm_dst_len = addr.bitlen;
> >                       address_found = true;
> >               }
> >               argc--; argv++;
> >
>
> Since the kernel used to blindly ignore the mask, having iproute2 fix it
> up seems acceptable.
>
> I think it would be good to educate the user about invalid settings as
> well - get them to fix scripts and mind set.

Sent v2 with a warning print to stderr.

Kind regards,
Luca Boccassi