Re: ioctl SIOCGIFNETMASK: ip alias bug 2.4.9 and 2.2.19

Re: ioctl SIOCGIFNETMASK: ip alias bug 2.4.9 and 2.2.19

[jamal]

Andi, Alexey,

Whats wrong with this patch (just a thought, not tested or even compiled)?

---------------------------------------
--- devinet.c   2001/09/04 19:18:51     1.1
+++ devinet.c   2001/09/04 19:31:13
@@ -530,7 +530,7 @@

        if ((in_dev=__in_dev_get(dev)) != NULL) {
                for (ifap=&in_dev->ifa_list; (ifa=*ifap) != NULL;
ifap=&ifa->ifa_next)
-                       if (strcmp(ifr.ifr_name, ifa->ifa_label) == 0)
+                       if ((strcmp(ifr.ifr_name, ifa->ifa_label) == 0) ||
(sin->sin_addr.s_addr == ifa->ifa_address))
                                break;
        }
--------------------------------

cheers,
jamal

Re: ioctl SIOCGIFNETMASK: ip alias bug 2.4.9 and 2.2.19

[kuznet]

Hello!

> Whats wrong with this patch (just a thought, not tested or even compiled)?

Wrong is that it stops to work if you do not fill ifr_data.
This field in write only in 4.3BSD and in Linux.

Alexey

Re: ioctl SIOCGIFNETMASK: ip alias bug 2.4.9 and 2.2.19

[Matthias Andree]

On Wed, 05 Sep 2001, jamal wrote:

> --- devinet.c   2001/09/04 19:18:51     1.1
> +++ devinet.c   2001/09/04 19:31:13
> @@ -530,7 +530,7 @@
> 
>         if ((in_dev=__in_dev_get(dev)) != NULL) {
>                 for (ifap=&in_dev->ifa_list; (ifa=*ifap) != NULL;
> ifap=&ifa->ifa_next)
> -                       if (strcmp(ifr.ifr_name, ifa->ifa_label) == 0)
> +                       if ((strcmp(ifr.ifr_name, ifa->ifa_label) == 0) ||
> (sin->sin_addr.s_addr == ifa->ifa_address))
>                                 break;
>         }

Thanks for trying to help, however, that's not going to work this way, sorry.

1. "sin" is cleared a few lines above, so you end up comparing 0.0.0.0
   against "ifa->ifa_address".

2. two interfaces can have the same configured address, your patch might
   end up returning the wrong address. You'd need to write && where you
   wrote ||, and you'd need to save the old address.

See the patch that I sent.

-- 
Matthias Andree

Re: ioctl SIOCGIFNETMASK: ip alias bug 2.4.9 and 2.2.19

[Matthias Andree]

Kai Henningsen schrieb am Samstag, den 08. September 2001:

[old Postfix versions consider network classes]
> The WHAT?!
> 
> Classes have been dead since around 1993!

In case you missed that from the paragraph below that you quoted,
Postfix tries to look up the netmasks from the interfaces nowadays - and
stumbles across incompatibilities that are the reason for this thread.
You can always manually override this configuration.

> > but there have been many complaints by people that this would
> > get subnets wrong. A couple of months ago, Postfix has started to look
> > up the netmasks as well.

-- 
Matthias Andree
Outlook (Express) users: press Ctrl+F3 for the full source code of this post.
begin  dont_click_this_virus.exe
end

Re: ioctl SIOCGIFNETMASK: ip alias bug 2.4.9 and 2.2.19

[Kai Henningsen]

matthias.andree@gmx.de (Matthias Andree)  wrote on 06.09.01 in <20010906151113.A29583@maggie.dt.e-technik.uni-dortmund.de>:

> Well, Postfix used to look at the addresses and deduce the network class
> for that,

The WHAT?!

Classes have been dead since around 1993!

> but there have been many complaints by people that this would
> get subnets wrong. A couple of months ago, Postfix has started to look
> up the netmasks as well.

Modern software trying to work with classes should not allowed on the  
Internet; people who don't know this should not allowed to write network  
software.


MfG Kai

Re: ioctl SIOCGIFNETMASK: ip alias bug 2.4.9 and 2.2.19

[Matthias Andree]

Henning P. Schmiedehausen schrieb am Freitag, den 07. September 2001:

> wietse@porcupine.org (Wietse Venema) writes:
> 
> % cd /home/distribution/RedHat-5.2/i386/
> % ls -la kernel*
> -r--r--r--    1 root     root      2216232 Oct 14  1998 kernel-2.0.36-0.7.i386.rpm

> You don't _WANT_ to listen, do you? Andi told you many times, that
> this is an Linux 2.1+ API. RH 5.2 is a 2.0 distribution. Of course,

So Postfix would still need the code for the -2.0 (BSD) API...

Re: ioctl SIOCGIFNETMASK: ip alias bug 2.4.9 and 2.2.19

[Henning P. Schmiedehausen]

wietse@porcupine.org (Wietse Venema) writes:

>It's not portable as you may believe.

>    [root@redhat52 /root]# man rtnetlink
>    No manual entry for rtnetlink

% cd /home/distribution/RedHat-5.2/i386/
% ls -la kernel*
-r--r--r--    1 root     root      2216232 Oct 14  1998 kernel-2.0.36-0.7.i386.rpm
-r--r--r--    1 root     root       536848 Oct 14  1998 kernel-headers-2.0.36-0.7.i386.rpm
-r--r--r--    1 root     root        94694 Oct 14  1998 kernel-ibcs-2.0.36-0.7.i386.rpm
-r--r--r--    1 root     root       320370 Oct 14  1998 kernel-pcmcia-cs-2.0.36-0.7.i386.rpm
-r--r--r--    1 root     root      9625252 Oct 14  1998 kernel-source-2.0.36-0.7.i386.rpm

You don't _WANT_ to listen, do you? Andi told you many times, that
this is an Linux 2.1+ API. RH 5.2 is a 2.0 distribution. Of course,
there is no man page in it for this. It's almost three years
old. There are from this particular vendor, _FIVE_ newer distributions. 
What do you want to tell us? That you're living in the past?

Please stop constructing cases. Linux did move on slightly in the last
three years. Maybe some other OSes didn't.

	Regards
		Henning
-- 
Dipl.-Inf. (Univ.) Henning P. Schmiedehausen       -- Geschaeftsfuehrer
INTERMETA - Gesellschaft fuer Mehrwertdienste mbH     hps@intermeta.de

Am Schwabachgrund 22  Fon.: 09131 / 50654-0   info@intermeta.de
D-91054 Buckenhof     Fax.: 09131 / 50654-20   

Re: ioctl SIOCGIFNETMASK: ip alias bug 2.4.9 and 2.2.19

[Sam Varshavchik]

Alan Cox writes: 

>> > how everyone did it but they guys with the "newfangled, really not how it
>> > should be done, definitely not cricket"  machine guns got the last laugh 
>> 
>> Keep your superiority complex out of my mailbox, thank you.
> 
> What is it about so many mail system authors and lacking sense of humour. 

I resemble that remark in the most strongest terms possible.  I have you 
know that I am very well known for my easy-going nature, and friendly 
attitude.  So there. 

-- 
Sam 

Re: ioctl SIOCGIFNETMASK: ip alias bug 2.4.9 and 2.2.19

[Andi Kleen]

On Thu, Sep 06, 2001 at 02:51:24PM -0400, Wietse Venema wrote:
> > On Wed, Sep 05, 2001 at 05:23:26PM -0400, Wietse Venema wrote:
> > > On a more serious note, what portable primitives does Linux offer
> > > to look up all interface IP addresses and their corresponding
> > > netmasks?
> > 
> > man rtnetlink 7
> 
> It's not portable as you may believe.

The man pages are actually came years later than the code due to some accidents.
That doesn't change the existence of the code.

> 
>     [root@redhat52 /root]# man rtnetlink
>     No manual entry for rtnetlink
> 
> This was released only three years ago.
> 
> But it does not matter. The code needs to be written anyway.
> 
> Do you have more to share than RFTM? Pointers to code?

Most prominent example is iproute2. It should be included as source with any 
recent linux distribution. Others are zebra or bird.

-Andi

Re: ioctl SIOCGIFNETMASK: ip alias bug 2.4.9 and 2.2.19

[Wietse Venema]

Andi Kleen:
> [Sending a similar mail for the third time now; you conveniently chosed 
> to ignore all earlier ones of me in the discussion. I will not send another
> one, but just quietly think "Wietse is a moron" before forgetting the issue]

Oh, come on. I was asking for more than RTFM.

> On Wed, Sep 05, 2001 at 05:23:26PM -0400, Wietse Venema wrote:
> > On a more serious note, what portable primitives does Linux offer
> > to look up all interface IP addresses and their corresponding
> > netmasks?
> 
> man rtnetlink 7

It's not portable as you may believe.

    [root@redhat52 /root]# man rtnetlink
    No manual entry for rtnetlink

This was released only three years ago.

But it does not matter. The code needs to be written anyway.

Do you have more to share than RFTM? Pointers to code?

	Wietse

Re: ioctl SIOCGIFNETMASK: ip alias bug 2.4.9 and 2.2.19

[Andi Kleen]

[Sending a similar mail for the third time now; you conveniently chosed 
to ignore all earlier ones of me in the discussion. I will not send another
one, but just quietly think "Wietse is a moron" before forgetting the issue]

On Wed, Sep 05, 2001 at 05:23:26PM -0400, Wietse Venema wrote:
> On a more serious note, what portable primitives does Linux offer
> to look up all interface IP addresses and their corresponding
> netmasks?

man rtnetlink 7

> The primitives used in Postfix work on all supported systems, except
> for Linux where they work partially.
> 
> Portability is a relative thing - it would be wonderful already if
> your primitive supports the past three years of kernel releases.

It does (Since 2.1.x;x>=2x or so)

-Andi

Re: ioctl SIOCGIFNETMASK: ip alias bug 2.4.9 and 2.2.19

[Alan Cox]

> > > Even if it checked the address it would not be unique because you can have multiple
> > > interfaces with the same addresses but different netmasks.
> 
> The same IP address with different netmasks on the same hardware
> interface? The mind boggles. How does one handle broadcasts?

Same as before. You have two for a single IP address/netmask
(255.255.255.255 and the local one). You have another per address/mask pair
you add.

The application supplies a target broadcast address so there isnt any real
problem

Re: ioctl SIOCGIFNETMASK: ip alias bug 2.4.9 and 2.2.19

[Matthias Andree]

On Thu, 06 Sep 2001, Wietse Venema wrote:

> If Linux insists on breaking SIOCGIFCONF then so be it, even though
> it works perfectly well on any non-Linux system that I could lay
> my hands on.

Linux does not break SIOCGIFCONF as far as I can see, but
SIOCGIFNETMASK. Your inet_addr_local obtains all interfaces's addresses,
it just gets the wrong netmasks back.

Re: ioctl SIOCGIFNETMASK: ip alias bug 2.4.9 and 2.2.19

[Matthias Andree]

On Thu, 06 Sep 2001, Andrey Savochkin wrote:

> Andi, it's right to the point.

It's false.

> The only one good reason for an SMTP server to bother about IP addresses at
> all is a quick check for mail loops, i.e. a check at the moment of opening
> TCP connection to send a message whether your peer is yourself.
> Bothering about network masks just doesn't have any valid grounds.
> It's not possible to answer the right question (whether you talk to yourself)
> inspecting IP addresses.
> In the original example, mail systems on 192.168.0.4 and 192.168.1.1 may be
> different.

I'm not sure where and why you deduce the idea this is about MTA loop
detection or peer recognition.

Any application that uses SIOCGIFNETMASK would do, it just happened that
Postfix's inet_addr_local was the tool I used when I found out the
sysctl had returned the first netmask for the second address on Linux,
but not on FreeBSD.

> So, the very right way of doing things is:
>  - make admin specify the listening addresses for a mail system in the
>    configuration and use them to check for loops;

Or just use IPADDR_ANY...

>  - never try to learn anything about networking configuration.

...which is wrong, because the MTA must know its own IP addresses to
accept domain literals, and SIOCGIFCONF works and returns all addresses,
it just happens that looking up the second and subsequent masks fails.
Please see RFC-1123, section 5.2.17, for details.

-- 
Matthias Andree

Re: ioctl SIOCGIFNETMASK: ip alias bug 2.4.9 and 2.2.19

[Wietse Venema]

Andrey Savochkin:
> > Even if it checked the address it would not be unique because you can have multiple
> > interfaces with the same addresses but different netmasks.

The same IP address with different netmasks on the same hardware
interface? The mind boggles. How does one handle broadcasts?

> The only one good reason for an SMTP server to bother about IP addresses at
> all is a quick check for mail loops, i.e. a check at the moment of opening
> TCP connection to send a message whether your peer is yourself.
> Bothering about network masks just doesn't have any valid grounds.

The issue is not MTA loop detection.

Postfix uses the local netmask info to distinguish between local
and remote networks. At the discretion of the sysadmin, systems on
local subnets can be granted different rights than random systems
on the Internet.

If Linux insists on breaking SIOCGIFCONF then so be it, even though
it works perfectly well on any non-Linux system that I could lay
my hands on.

	Wietse

Re: ioctl SIOCGIFNETMASK: ip alias bug 2.4.9 and 2.2.19

[Andrey Savochkin]

Hi,

On Wed, Sep 05, 2001 at 09:26:50PM +0200, Andi Kleen wrote:
> Matthias Andree <matthias.andree@stud.uni-dortmund.de> writes:
> > 
> > I believe this would require fixing for compatibility reasons, in the
> > sense that the address is also compared to figure the interface, but I'm
> > out of time now and cannot try anything before tomorrow, I'd happily
> > test patches sent by then.
> 
> Even if it checked the address it would not be unique because you can have multiple
> interfaces with the same addresses but different netmasks.
> The SIOCGIFNETMASK interface is just broken. If you really wanted it you should use
> rtnetlink instead, which allows multiple answers to a single question.
> Likely postfix doesn't really need it though, the concept of checking for "local"
> address is pretty dubious and likely to be incorrect for many cases.

Andi, it's right to the point.
The only one good reason for an SMTP server to bother about IP addresses at
all is a quick check for mail loops, i.e. a check at the moment of opening
TCP connection to send a message whether your peer is yourself.
Bothering about network masks just doesn't have any valid grounds.

In fact, sending message to yourself this way is not a disaster, mail system
has loop protection by design.  However, sending message to yourself wastes
system resources.

It's not possible to answer the right question (whether you talk to yourself)
inspecting IP addresses.
One may have several mail servers on a single computer, each with its own
configuration file, using different local IP addresses.
In the original example, mail systems on 192.168.0.4 and 192.168.1.1 may be
different.

So, the very right way of doing things is:
 - make admin specify the listening addresses for a mail system in the
   configuration and use them to check for loops;
 - never try to learn anything about networking configuration.

	Andrey

Re: ioctl SIOCGIFNETMASK: ip alias bug 2.4.9 and 2.2.19

[Matthias Andree]

Andi Kleen schrieb am Mittwoch, den 05. September 2001:

> Even if it checked the address it would not be unique because you can
> have multiple interfaces with the same addresses but different
> netmasks.  The SIOCGIFNETMASK interface is just broken. If you really

Well, I cannot configure the same address/netmask pair more than once
for the same interface, I'm getting "file exists" back from the ip
command. FreeBSD looks up the name/address pair.

> wanted it you should use rtnetlink instead, which allows multiple
> answers to a single question.  Likely postfix doesn't really need it
> though, the concept of checking for "local" address is pretty dubious
> and likely to be incorrect for many cases.

Well, Postfix used to look at the addresses and deduce the network class
for that, but there have been many complaints by people that this would
get subnets wrong. A couple of months ago, Postfix has started to look
up the netmasks as well.

-- 
Matthias Andree

Re: ioctl SIOCGIFNETMASK: ip alias bug 2.4.9 and 2.2.19

[Wietse Venema]

On a more serious note, what portable primitives does Linux offer
to look up all interface IP addresses and their corresponding
netmasks?

The primitives used in Postfix work on all supported systems, except
for Linux where they work partially.

Portability is a relative thing - it would be wonderful already if
your primitive supports the past three years of kernel releases.

	Wietse

Alan Cox:
> > > the mask for the requested address. This doesn't matter as long as
> > > eth0:0-style aliases are configured with ifconfig, but it does matter as
> > > soon as ip comes into play and both addresses are assigned to eth0
> > > rather than eth0 and eth0:0.
> > 
> > I think the silence you are hearing from the lkml is a bunch of people thinking
> > "Oh, crap!".
> 
> Actually its probably a bunch of people thinking "I wonder if someone else
> forwarded this to netdev@oss.sgi.com"
> 

Re: ioctl SIOCGIFNETMASK: ip alias bug 2.4.9 and 2.2.19

[Andi Kleen]

Matthias Andree <matthias.andree@stud.uni-dortmund.de> writes:
> 
> I believe this would require fixing for compatibility reasons, in the
> sense that the address is also compared to figure the interface, but I'm
> out of time now and cannot try anything before tomorrow, I'd happily
> test patches sent by then.


Even if it checked the address it would not be unique because you can have multiple
interfaces with the same addresses but different netmasks.
The SIOCGIFNETMASK interface is just broken. If you really wanted it you should use
rtnetlink instead, which allows multiple answers to a single question.
Likely postfix doesn't really need it though, the concept of checking for "local"
address is pretty dubious and likely to be incorrect for many cases.

-Andi

Re: ioctl SIOCGIFNETMASK: ip alias bug 2.4.9 and 2.2.19

[Alan Cox]

> > the mask for the requested address. This doesn't matter as long as
> > eth0:0-style aliases are configured with ifconfig, but it does matter as
> > soon as ip comes into play and both addresses are assigned to eth0
> > rather than eth0 and eth0:0.
> 
> I think the silence you are hearing from the lkml is a bunch of people thinking
> "Oh, crap!".

Actually its probably a bunch of people thinking "I wonder if someone else
forwarded this to netdev@oss.sgi.com"

Re: ioctl SIOCGIFNETMASK: ip alias bug 2.4.9 and 2.2.19

[Christopher Friesen]

Matthias Andree wrote:

> Wietse Venema and I are wondering about different Linux 2.2/2.4 and
> FreeBSD 4.4-RC behaviour when using ioctls to figure interface netmasks,
> FreeBSD gets it right, Linux 2.4.9 and 2.4.9-ac7 get it wrong, and from
> looking at the source, I think, Linux 2.2.19 gets it wrong as well.

> Looking at Linux' Kernel source, Linux 2.4.9 compares just the ifr_name,
> /usr/src/linux/net/ipv4/devinet.c, function devinet_ioctl, ll.  463 ff.
> in 2.4.9, so Linux always returns the mask for the first address, not
> the mask for the requested address. This doesn't matter as long as
> eth0:0-style aliases are configured with ifconfig, but it does matter as
> soon as ip comes into play and both addresses are assigned to eth0
> rather than eth0 and eth0:0.


I think the silence you are hearing from the lkml is a bunch of people thinking
"Oh, crap!".

Chris

-- 
Chris Friesen                    | MailStop: 043/33/F10  
Nortel Networks                  | work: (613) 765-0557
3500 Carling Avenue              | fax:  (613) 765-2986
Nepean, ON K2H 8E9 Canada        | email: cfriesen@nortelnetworks.com

ioctl SIOCGIFNETMASK: ip alias bug 2.4.9 and 2.2.19

[Matthias Andree]

-----BEGIN PGP SIGNED MESSAGE-----

Dear network experts, dear lurkers,

Wietse Venema and I are wondering about different Linux 2.2/2.4 and
FreeBSD 4.4-RC behaviour when using ioctls to figure interface netmasks,
FreeBSD gets it right, Linux 2.4.9 and 2.4.9-ac7 get it wrong, and from
looking at the source, I think, Linux 2.2.19 gets it wrong as well.

Please Cc: replies back, I'm not on the -net list, and I'm not sure if
Wietse is on either list.

In either case, inet_addr_local, which Postfix uses to figure local
address/netmask pairs, does this:

1. obtain SIOCGIFCONF list
2. for each AF_INET entry in the list from (1.), do:
   2.1 pull out the address from ifr and store it away
   2.2 copy the whole request to an ifr_mask structure
   2.3 ioctl(somesocket, SIOCGIFNETMASK, ifr_mask)
   2.4 pull out the mask and store it away

Example:

FreeBSD 4.4-RC:

# ifconfig xl0 alias 192.168.1.1/28    # add alias
# ifconfig xl0                         # display, only relevant part quoted
xl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 192.168.0.4 netmask 0xffffff00 broadcast 192.168.0.255
        inet 192.168.1.1 netmask 0xfffffff0 broadcast 192.168.1.15
# ./inet_addr_local # what Postfix figures
192.168.0.4/255.255.255.0
192.168.1.1/255.255.255.240
127.0.0.1/255.0.0.0

- -> works.

Linux: 

# ip addr add 192.168.1.1/28 dev eth0  # add alias without label eth0:0
# ip addr show dev eth0                # 
2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
    link/ether 00:60:08:6f:8a:5e brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.1/24 brd 192.168.0.255 scope global eth0
    inet 192.168.1.1/28 scope global eth0
# ./inet_addr_local
127.0.0.1/255.0.0.0
192.168.0.1/255.255.255.0
192.168.1.1/255.255.255.0

- -> oops, 192.168.1.1 got wrong netmask.

Digging with gdb on either platform, the interface name is xl0 for all
addresses on FreeBSD (no :0 or something) and eth0 on Linux (no :0 or
something). There is no platform-dependent code in inet_addr_local.

Looking at FreeBSD's Kernel source, FreeBSD iterates over the addresses:
/usr/src/sys/netinet/in.c, function in_control, ll. 189ff in my version,
comparing against ifr_addr.

Looking at Linux' Kernel source, Linux 2.4.9 compares just the ifr_name,
/usr/src/linux/net/ipv4/devinet.c, function devinet_ioctl, ll.  463 ff.
in 2.4.9, so Linux always returns the mask for the first address, not
the mask for the requested address. This doesn't matter as long as
eth0:0-style aliases are configured with ifconfig, but it does matter as
soon as ip comes into play and both addresses are assigned to eth0
rather than eth0 and eth0:0.




I believe this would require fixing for compatibility reasons, in the
sense that the address is also compared to figure the interface, but I'm
out of time now and cannot try anything before tomorrow, I'd happily
test patches sent by then.

Would net/ipv4/devinet.c be the only place to fix or are there other
places that do also need fixing?


Non-Postfix guys: Here's how to build inet_addr_local:

1. fetch /mirrors/postfix-release/official/postfix-20010228-pl04.tar.gz
   from ftp.porcupine.org
2. unpack the sources, then do:
   make Makefiles ; cd src/util ; make inet_addr_local
3. add an IP alias to any network (eth in my case), but let it have a
   different netmask than the primary address of the net.

Thanks a lot in advance!

Cheers,

- -- 
Matthias Andree
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: Weitere Infos: siehe http://www.gnupg.org

iQCVAwUBO5ZQgydEoB0mv1ypAQEzvAP+IMWRaKR+Bvzxbhd/fJCNR8oq//U06kP3
mg1KIoOKX3PBfNkxIZW4l+oTt9wxHAXHJUJ1W6w3T43xlBlcHi4Y70XNKqbyCFiB
n6l+q0JFHv+qV4pWxJCG1sz20nrwK/nUwf+5nxcGAdetPnPBXpndGtiX66nzNtka
NGO38uOvIuA=
=587q
-----END PGP SIGNATURE-----