Projects
openEuler:20.03:LTS:SP3
iputils
Sign Up
Log In
Username
Password
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
Expand all
Collapse all
Changes of Revision 6
View file
_service:tar_scm_kernel_repo:iputils.spec
Changed
@@ -1,6 +1,6 @@ Name: iputils Version: 20190709 -Release: 8 +Release: 9 Summary: Network monitoring tools including ping License: BSD and GPLv2+ URL: https://github.com/iputils/iputils @@ -18,6 +18,9 @@ Patch6001: 0002-iputils-arpings-count.patch Patch6002: bugfix-arpping-make-update-neighbours-work-again.patch Patch6003: bugfix-rdisc-remove-PrivateUsers=yes-from-systemd-service-file.patch +Patch6004: backport-fix-ARP-protocol-field-for-AX.25-and-NETROM.patch +Patch6005: backport-ping-Fix-ping6-binding-to-VRF-and-address.patch +Patch6006: backport-ping6-Avoid-binding-to-non-VRF.patch Patch9000: bugfix-fix-ping-dead-loop.patch Patch9001: bugfix-arping-w-does-not-take-effect.patch @@ -49,6 +52,9 @@ %patch6001 -p1 %patch6002 -p1 %patch6003 -p1 +%patch6004 -p1 +%patch6005 -p1 +%patch6006 -p1 %patch9000 -p1 %patch9001 -p1 %patch9002 -p1 @@ -107,6 +113,14 @@ %{_mandir}/man8/*.8.gz %changelog +* Sat May 14 2022 yanglu <yanglu72@h-partners.com> - 20190709-9 +- Type:bugfix +- Id:NA +- SUG:NA +- DESC:fix ping6 binding to VRF and address + Avoid binding to non-VRF + Fix ARP protocol field for AX.25 and NETROM + * Mon Dec 27 2021 liugang <liuganga@uniontech.com> - 20190709-8 - Type:bugfix - Id:NA
View file
_service:tar_scm_kernel_repo:backport-fix-ARP-protocol-field-for-AX.25-and-NETROM.patch
Added
@@ -0,0 +1,96 @@ +From 4646703f6d8eb46355752ec033945405ca482d4e Mon Sep 17 00:00:00 2001 +From: Ralf Baechle <ralf@linux-mips.org> +Date: Tue, 7 Feb 2017 22:10:51 +0100 +Subject: [PATCH] arping: Fix ARP protocol field for AX.25 and NETROM + +Conflict:NA +Reference:https://github.com/iputils/iputils/commit/4646703f6d8eb46355752ec033945405ca482d4e.patch + +AX.25 and NETROM differ from other, more ethernet-like protocols in that +they are not using a DIX protocol number but the AX.25 PID. The arping code +doesn't handle this special case resulting in invalid ARP packets being sent. + +The interface bpq0 is an AX.25-over-ethernet interface. Without this +fix: + + # arping -c 1 -I bpq0 172.20.1.3 + ARPING 172.20.1.3 from 172.20.1.2 bpq0 + Sent 1 probes (1 broadcast(s)) + Received 0 response(s) + +With this fix: + + # arping -c 1 -I bpq0 172.20.1.3 + ARPING 172.20.1.3 from 172.20.1.2 bpq0 + Unicast reply from 172.20.1.3 [88:98:60:A0:92:40:02] 1.402ms + Sent 1 probes (1 broadcast(s)) + Received 1 response(s) + +Closes: https://github.com/iputils/iputils/pull/360 + +Reviewed-by: Petr Vorel <pvorel@suse.cz> +Signed-off-by: Ralf Baechle <ralf@linux-mips.org> +[ pvorel: add new lines for readability ] +Signed-off-by: Petr Vorel <pvorel@suse.cz> +--- + arping.c | 32 +++++++++++++++++++++++++++++--- + 1 file changed, 29 insertions(+), 3 deletions(-) + +diff --git a/arping.c b/arping.c +index 53fdbb48..5df6d9f0 100644 +--- a/arping.c ++++ b/arping.c +@@ -37,6 +37,14 @@ + + #include "iputils_common.h" + ++/* ++ * As of July 2021 AX.25 PID values are not currently defined in any ++ * userspace headers. ++ */ ++#ifndef AX25_P_IP ++# define AX25_P_IP 0xcc /* ARPA Internet Protocol */ ++#endif ++ + #ifdef DEFAULT_DEVICE + # define DEFAULT_DEVICE_STR DEFAULT_DEVICE + #else +@@ -248,7 +256,17 @@ static int send_pack(struct run_state *ctl) + ah->ar_hrd = htons(ME->sll_hatype); + if (ah->ar_hrd == htons(ARPHRD_FDDI)) + ah->ar_hrd = htons(ARPHRD_ETHER); +- ah->ar_pro = htons(ETH_P_IP); ++ ++ /* ++ * Exceptions everywhere. AX.25 uses the AX.25 PID value not the ++ * DIX code for the protocol. Make these device structure fields. ++ */ ++ if (ah->ar_hrd == htons(ARPHRD_AX25) || ++ ah->ar_hrd == htons(ARPHRD_NETROM)) ++ ah->ar_pro = htons(AX25_P_IP); ++ else ++ ah->ar_pro = htons(ETH_P_IP); ++ + ah->ar_hln = ME->sll_halen; + ah->ar_pln = 4; + ah->ar_op = ctl->advert ? htons(ARPOP_REPLY) : htons(ARPOP_REQUEST); +@@ -341,9 +359,17 @@ static int recv_pack(struct run_state *ctl, unsigned char *buf, ssize_t len, + (FROM->sll_hatype != ARPHRD_FDDI || ah->ar_hrd != htons(ARPHRD_ETHER))) + return 0; + +- /* Protocol must be IP. */ +- if (ah->ar_pro != htons(ETH_P_IP)) ++ /* ++ * Protocol must be IP - but exceptions everywhere. AX.25 and NETROM ++ * use the AX.25 PID value not the DIX code for the protocol. ++ */ ++ if (ah->ar_hrd == htons(ARPHRD_AX25) || ++ ah->ar_hrd == htons(ARPHRD_NETROM)) { ++ if (ah->ar_pro != htons(AX25_P_IP)) ++ return 0; ++ } else if (ah->ar_pro != htons(ETH_P_IP)) + return 0; ++ + if (ah->ar_pln != 4) + return 0; + if (ah->ar_hln != ((struct sockaddr_ll *)&ctl->me)->sll_halen)
View file
_service:tar_scm_kernel_repo:backport-ping-Fix-ping6-binding-to-VRF-and-address.patch
Added
@@ -0,0 +1,97 @@ +From 7c65999f98bc4a1984594b7fad1af0eaf0b9d34b Mon Sep 17 00:00:00 2001 +From: Lahav Schlesinger <lschlesinger@drivenets.com> +Date: Wed, 30 Jun 2021 13:06:13 +0300 +Subject: [PATCH] ping: Fix ping6 binding to VRF and address + +Since Linux kernel commit 1893ff20275b ("net/ipv6: Add l3mdev check to +ipv6_chk_addr_and_flags") from v4.17-rc1 ping fails when trying to +create IPv6 SOCK_RAW socket (e.g. if net.ipv4.ping_group_range = 1 0) +and passing both -I <vrf_interface> and -I <local_ipv6_addr>. +It works for IPv4 SOCK_RAW socket. + + # ip netns add tmp_ns + # ip -n tmp_ns link add vrf_1 type vrf table 10001 + # ip -n tmp_ns link add lo10 type dummy + # ip -n tmp_ns link set lo10 master vrf_1 + # ip -n tmp_ns link set vrf_1 up + # ip -n tmp_ns link set lo10 up + # ip -n tmp_ns link set lo up + # ip -n tmp_ns addr add 1:2::3:4/128 dev lo10 + # ip -n tmp_ns addr add 1.2.3.4/32 dev lo10 + + # ip netns exec tmp_ns ping -6 1:2::3:4 -I vrf_1 -I 1:2::3:4 -c 1 # IPv6 broken + ping: bind icmp socket: Cannot assign requested address + + # ping 1.2.3.4 -I vrf_1 -I 1.2.3.4 -c 1 # IPv4 working + PING 1.2.3.4 (1.2.3.4) from 1.2.3.4 vrf_1: 56(84) bytes of data. + 64 bytes from 1.2.3.4: icmp_seq=1 ttl=64 time=0.090 ms + + --- 1.2.3.4 ping statistics --- + 1 packets transmitted, 1 received, 0% packet loss, time 0ms + rtt min/avg/max/mdev = 0.090/0.090/0.090/0.000 ms + +ping fails because it doesn't actually bind to the VRF interface, while +after 1893ff20275b, binding to an IPv6 address searches only on the same +l3mdev as the device the function receives. If the socket wasn't +SO_BINDTODEVICE-ed, then the kernel will only search for devices that +are not ensalved to an l3mdev device (= in the default VRF), which will +cause the bind() to fail. + +Only SOCK_RAW socket is affected. SOCK_DGRAM is not affected because +Linux kernel doesn't check the device the socket was SO_BINDTODEVICE-ed +to, but only the device from addr->sin6_scope_id (which if none is +passed, it will again only search devices in the default VRF). + +NOTE: creating network namespace to reproduce the issue is needed just +on systems with net.ipv4.ping_group_range = 0 2147483647 (e.g. current +Fedora, openSUSE, Ubuntu), which causes to use SOCK_DGRAM socket. +Alternatively to force SOCK_RAW to it'd be enough just to properly set +net.ipv4.ping_group_range: + + # echo "1 0" > /proc/sys/net/ipv4/ping_group_range + +Closes: https://github.com/iputils/iputils/pull/344 + +Reviewed-by: Petr Vorel <pvorel@suse.cz> +Signed-off-by: Lahav Schlesinger <lschlesinger@drivenets.com> +[ pvorel: adjusted commit message ] +Signed-off-by: Petr Vorel <pvorel@suse.cz> + +Conflict: Modifying "rts->device" to "device" and "ping/ping6_common.c" to "ping6_common.c" +Reference: https://github.com/iputils/iputils/commit/7c65999f98bc4a1984594b7fad1af0eaf0b9d34b.patch +--- + ping6_common.c | 11 +++++++++++ + 1 file changed, 11 insertions(+) + +diff --git a/ping6_common.c b/ping6_common.c +index ed6168d..4eaa4f6 100644 +--- a/ping6_common.c ++++ b/ping6_common.c +@@ -678,6 +678,8 @@ int ping6_run(int argc, char **argv, struct addrinfo *ai, struct socket_st *sock + if (device) { + struct cmsghdr *cmsg; + struct in6_pktinfo *ipi; ++ int rc; ++ int errno_save; + + cmsg = (struct cmsghdr *)(cmsgbuf + cmsglen); + cmsglen += CMSG_SPACE(sizeof(*ipi)); +@@ -688,6 +690,15 @@ int ping6_run(int argc, char **argv, struct addrinfo *ai, struct socket_st *sock + ipi = (struct in6_pktinfo *)CMSG_DATA(cmsg); + memset(ipi, 0, sizeof(*ipi)); + ipi->ipi6_ifindex = if_name2index(device); ++ ++ enable_capability_raw(); ++ rc = setsockopt(sock->fd, SOL_SOCKET, SO_BINDTODEVICE, ++ device, strlen(device) + 1); ++ errno_save = errno; ++ disable_capability_raw(); ++ ++ if (rc == -1) ++ error(2, errno_save, "SO_BINDTODEVICE %s", device); + } + + if ((whereto.sin6_addr.s6_addr16[0] & htons(0xff00)) == htons(0xff00)) { +-- +2.27.0 +
View file
_service:tar_scm_kernel_repo:backport-ping6-Avoid-binding-to-non-VRF.patch
Added
@@ -0,0 +1,56 @@ +From f52b582248f1f870e870a9973621805d969906b4 Mon Sep 17 00:00:00 2001 +From: Petr Vorel <pvorel@suse.cz> +Date: Tue, 9 Nov 2021 02:39:56 +0100 +Subject: [PATCH] ping6: Avoid binding to non-VRF + +This fixes permission issue when specifying just address (without VRF) +unless having CAP_NET_ADMIN (i.e. root) permission: + + $ ./builddir/ping/ping -c1 -I lo ::1 + ./builddir/ping/ping: SO_BINDTODEVICE lo: Operation not permitted + +because setsockopt() SO_BINDTODEVICE (similar to bind()) can be only done on +opt_strictsource. + +Fixes: 7c65999 ("ping: Fix ping6 binding to VRF and address") + +Signed-off-by: Petr Vorel <pvorel@suse.cz> + +Conflict: Modifying "rts->opt_strictsource" to "options & F_STRICTSOURCE" and "rts->device" to "device","ping/ping6_common.c" to "ping6_common.c" +Reference: https://github.com/iputils/iputils/commit/f52b582248f1f870e870a9973621805d969906b4.patch +--- + ping6_common.c | 18 ++++++++++-------- + 1 file changed, 10 insertions(+), 8 deletions(-) + +diff --git a/ping6_common.c b/ping6_common.c +index 4eaa4f6..eb7ca70 100644 +--- a/ping6_common.c ++++ b/ping6_common.c +@@ -691,14 +691,16 @@ int ping6_run(int argc, char **argv, struct addrinfo *ai, struct socket_st *sock + memset(ipi, 0, sizeof(*ipi)); + ipi->ipi6_ifindex = if_name2index(device); + +- enable_capability_raw(); +- rc = setsockopt(sock->fd, SOL_SOCKET, SO_BINDTODEVICE, +- device, strlen(device) + 1); +- errno_save = errno; +- disable_capability_raw(); +- +- if (rc == -1) +- error(2, errno_save, "SO_BINDTODEVICE %s", device); ++ if (options & F_STRICTSOURCE) { ++ enable_capability_raw(); ++ rc = setsockopt(sock->fd, SOL_SOCKET, SO_BINDTODEVICE, ++ device, strlen(device) + 1); ++ errno_save = errno; ++ disable_capability_raw(); ++ ++ if (rc == -1) ++ error(2, errno_save, "SO_BINDTODEVICE %s", device); ++ } + } + + if ((whereto.sin6_addr.s6_addr16[0] & htons(0xff00)) == htons(0xff00)) { +-- +2.27.0 +
Locations
Projects
Search
Status Monitor
Help
Open Build Service
OBS Manuals
API Documentation
OBS Portal
Reporting a Bug
Contact
Mailing List
Forums
Chat (IRC)
Twitter
Open Build Service (OBS)
is an
openSUSE project
.