ANYTHING as default route

Ewen McNeill Wed, 29 Jun 2011 08:10:56 -0700
>Number:         6639
>Category:       kernel
>Synopsis:       route(8): add treats 0.0.0.0/ANYTHING as default route
>Confidential:   yes
>Severity:       serious
>Priority:       medium
>Responsible:    bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   unknown
>Arrival-Date:   Wed Jun 29 03:00:01 GMT 2011
>Closed-Date:
>Last-Modified:
>Originator:     
>Release:        
>Organization:
>Environment:
>Description:
 Synopsis:      route(8): add treats 0.0.0.0/ANYTHING as default route
 Category:      system
 Environment:
          System      : OpenBSD 4.9
          Details     : OpenBSD 4.9 (GENERIC) #477: Wed Mar  2 06:50:31 
 MST 2011
 
 [email protected]:/usr/src/sys/arch/amd64/compile/GENERIC
 
          Architecture: OpenBSD.amd64
          Machine     : amd64
 Description:
      "route add" understands CIDR prefixes (eg, a.b.c.d/22) for most 
 purposes, and they are used as examples in the man page, so that it is 
 possible to add routes for subnets simply by specifying the CIDR prefix, 
 and without using "-netmask" or "-prefixlen".
 
      However if a.b.c.d is 0.0.0.0, then irrespective of the prefix 
 length specified in the CIDR prefix, "route add" will always (try to) 
 add a default route, even though it will report the whole CIDR prefix 
 (including the specified length) as being processed.
 
      It is possible to add a subnet starting at 0.0.0.0 using "-netmask" 
 or "-prefixlen".  But since only 0.0.0.0/0 is equivalent to default in 
 CIDR notation, only 0.0.0.0 or 0.0.0.0/0 should be treated as the 
 default route.  The rest should be treated like subnets. (Subnets 
 starting at 0.0.0.0 are useful to add "more specifics" for a default 
 route that will be preferred by the routing engine; in my case to work 
 around ripd limitations.)
 
 How-To-Repeat:
      Example session below showing incorrect handling of 0.0.0.0/LEN 
 compared with -prefixlen and -netmask.  Plus correct handling of eg, 
 128.0.0.0/LEN.
 
 ewen@fw-test:~$ netstat -nr -finet | grep 172.20.2.42
 ewen@fw-test:~$ sudo route add 0.0.0.0/1 172.20.2.42
 add net 0.0.0.0/1: gateway 172.20.2.42
 ewen@fw-test:~$ netstat -nr -finet | grep 172.20.2.42
 default            172.20.2.42        UGS        0        0     -     8 em0
 172.20.2.42        link#1             UHLc       1        0     -     4 em0
 ewen@fw-test:~$ sudo route delete default
 delete net default
 ewen@fw-test:~$ netstat -nr -finet | grep 172.20.2.42
 172.20.2.42        link#1             UHLc       0        0     -     4 em0
 ewen@fw-test:~$ sudo route add 0.0.0.0/31 172.20.2.42
 add net 0.0.0.0/31: gateway 172.20.2.42
 ewen@fw-test:~$ netstat -nr -finet | grep 172.20.2.42
 default            172.20.2.42        UGS        0        0     -     8 em0
 172.20.2.42        link#1             UHLc       1        0     -     4 em0
 ewen@fw-test:~$ sudo route delete default
 delete net default
 ewen@fw-test:~$ netstat -nr -finet | grep 172.20.2.42
 172.20.2.42        link#1             UHLc       0        0     -     4 em0
 ewen@fw-test:~$ sudo route add 0.0.0.0 -prefixlen 31 172.20.2.42
 add net 0.0.0.0: gateway 172.20.2.42
 ewen@fw-test:~$ netstat -nr -finet | grep 172.20.2.42
 0.0.0.0/31         172.20.2.42        UGS        0        0     -     8 em0
 172.20.2.42        link#1             UHLc       1        0     -     4 em0
 ewen@fw-test:~$ sudo route delete 0.0.0.0 -prefixlen 31
 delete net 0.0.0.0
 ewen@fw-test:~$ netstat -nr -finet | grep 172.20.2.42
 172.20.2.42        link#1             UHLc       0        0     -     4 em0
 ewen@fw-test:~$ sudo route add 0.0.0.0 -prefixlen 1 172.20.2.42
 add net 0.0.0.0: gateway 172.20.2.42
 ewen@fw-test:~$ netstat -nr -finet | grep 172.20.2.42
 0/1                172.20.2.42        UGS        0        0     -     8 em0
 172.20.2.42        link#1             UHLc       1        0     -     4 em0
 ewen@fw-test:~$ sudo route delete 0.0.0.0 -prefixlen 1
 delete net 0.0.0.0
 ewen@fw-test:~$ netstat -nr -finet | grep 172.20.2.42
 172.20.2.42        link#1             UHLc       0        0     -     4 em0
 ewen@fw-test:~$ sudo route add 0.0.0.0 -netmask 128.0.0.0 172.20.2.42
 add net 0.0.0.0: gateway 172.20.2.42
 ewen@fw-test:~$ netstat -nr -finet | grep 172.20.2.42
 0/1                172.20.2.42        UGS        0        0     -     8 em0
 172.20.2.42        link#1             UHLc       1        0     -     4 em0
 ewen@fw-test:~$ sudo route delete 0.0.0.0 -netmask 128.0.0.0
 delete net 0.0.0.0
 ewen@fw-test:~$ netstat -nr -finet | grep 172.20.2.42
 172.20.2.42        link#1             UHLc       0        0     -     4 em0
 ewen@fw-test:~$
 
 ewen@fw-test:~$ sudo route add 128.0.0.0/31 172.20.2.42
 add net 128.0.0.0/31: gateway 172.20.2.42
 ewen@fw-test:~$ netstat -nr -finet | grep 172.20.2.42
 128.0.0.0/31       172.20.2.42        UGS        0        0     -     8 em0
 172.20.2.42        link#1             UHLc       1        0     -     4 em0
 ewen@fw-test:~$ sudo route delete 128.0.0.0/31
 delete net 128.0.0.0/31
 ewen@fw-test:~$ netstat -nr -finet | grep 172.20.2.42
 172.20.2.42        link#1             UHLc       0        0     -     4 em0
 ewen@fw-test:~$ sudo route add 128.0.0.0/1 172.20.2.42
 add net 128.0.0.0/1: gateway 172.20.2.42
 ewen@fw-test:~$ netstat -nr -finet | grep 172.20.2.42
 128/1              172.20.2.42        UGS        0        0     -     8 em0
 172.20.2.42        link#1             UHLc       1        0     -     4 em0
 ewen@fw-test:~$ sudo route delete 128.0.0.0/1
 delete net 128.0.0.0/1
 ewen@fw-test:~$ netstat -nr -finet | grep 172.20.2.42
 172.20.2.42        link#1             UHLc       0        0     -     4 em0
 ewen@fw-test:~$
 
 Fix:
      "route add" should treat "a.b.c.d/NN" as equivalent to "a.b.c.d 
 -prefixlen NN", and only consider 0.0.0.0 or 0.0.0.0/0 as equivalent to 
 default.  Not every possible string starting with 0.0.0.0.
 
      I've not read through the source code, but suspect this is a 
 too-greedy special case handler (for default route) in the route binary.
 
 
 dmesg:
 OpenBSD 4.9 (GENERIC) #477: Wed Mar  2 06:50:31 MST 2011
      [email protected]:/usr/src/sys/arch/amd64/compile/GENERIC
 real mem = 535801856 (510MB)
 avail mem = 507539456 (484MB)
 mainbus0 at root
 bios0 at mainbus0: SMBIOS rev. 2.4 @ 0x1ffffef0 (10 entries)
 bios0: vendor Bochs version "Bochs" date 01/01/2007
 bios0: Bochs Bochs
 acpi0 at bios0: rev 0
 acpi0: sleep states S3 S4 S5
 acpi0: tables DSDT FACP SSDT APIC HPET
 acpi0: wakeup devices
 acpitimer0 at acpi0: 3579545 Hz, 24 bits
 acpimadt0 at acpi0 addr 0xfee00000: PC-AT compat
 acpihpet0 at acpi0: 100000000 Hz
 acpiprt0 at acpi0: bus 0 (PCI0)
 acpicpu0 at acpi0
 mpbios0 at bios0: Intel MP Specification 1.4
 cpu0 at mainbus0: apid 0 (boot processor)
 cpu0: Opteron or Athlon 64, 2660.26 MHz
 cpu0: 
 
FPU,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,PGE,CMOV,PAT,MMX,FXSR,SSE,SSE2,SSE3,POPCNT
 cpu0: apic clock running at 1000MHz
 mpbios0: bus 0 is type PCI
 mpbios0: bus 1 is type ISA
 ioapic0 at mainbus0: apid 1 pa 0xfec00000, version 11, 24 pins
 ioapic0: misconfigured as apic 0, remapped to apid 1
 vmt0 at mainbus0
 vmware: open failed, eax=564d5868, ecx=0000001e, edx=00005658
 vmt0: failed to open backdoor RPC channel (TCLO protocol)
 pci0 at mainbus0 bus 0
 pchb0 at pci0 dev 0 function 0 "Intel 82441FX" rev 0x02
 pcib0 at pci0 dev 1 function 0 "Intel 82371SB ISA" rev 0x00
 pciide0 at pci0 dev 1 function 1 "Intel 82371SB IDE" rev 0x00: DMA, 
 channel 0 wired to compatibility, channel 1 wired to compatibility
 wd0 at pciide0 channel 0 drive 0: <QEMU HARDDISK>
 wd0: 16-sector PIO, LBA48, 20480MB, 41943040 sectors
 wd0(pciide0:0:0): using PIO mode 0, DMA mode 2
 atapiscsi0 at pciide0 channel 1 drive 0
 scsibus0 at atapiscsi0: 2 targets
 cd0 at scsibus0 targ 0 lun 0: <QEMU, QEMU DVD-ROM, 0.12> ATAPI 5/cdrom 
 removable
 cd0(pciide0:1:0): using PIO mode 0
 uhci0 at pci0 dev 1 function 2 "Intel 82371SB USB" rev 0x01: apic 1 int 
 11 (irq 11)
 piixpm0 at pci0 dev 1 function 3 "Intel 82371AB Power" rev 0x03: apic 1 
 int 9 (irq 9)
 iic0 at piixpm0
 iic0: addr 0x4c 48=00 words 00=0000 01=0000 02=0000 03=0000 04=0000 
 05=0000 06=0000 07=0000
 iic0: addr 0x4e 48=00 words 00=0000 01=0000 02=0000 03=0000 04=0000 
 05=0000 06=0000 07=0000
 vga1 at pci0 dev 2 function 0 "Cirrus Logic CL-GD5446" rev 0x00
 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
 wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
 em0 at pci0 dev 3 function 0 "Intel PRO/1000MT (82540EM)" rev 0x03: apic 
 1 int 11 (irq 11), address 00:16:3e:03:48:48
 isa0 at pcib0
 isadma0 at isa0
 pckbc0 at isa0 port 0x60/5
 pckbd0 at pckbc0 (kbd slot)
 pckbc0: using irq 1 for kbd slot
 wskbd0 at pckbd0: console keyboard, using wsdisplay0
 pms0 at pckbc0 (aux slot)
 pckbc0: using irq 12 for aux slot
 wsmouse0 at pms0 mux 0
 pcppi0 at isa0 port 0x61
 spkr0 at pcppi0
 fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
 fd0 at fdc0 drive 0: density unknown
 fd1 at fdc0 drive 1: density unknown
 usb0 at uhci0: USB revision 1.0
 uhub0 at usb0 "Intel UHCI root hub" rev 1.00/1.00 addr 1
 nvram: invalid checksum
 vscsi0 at root
 scsibus1 at vscsi0: 256 targets
 softraid0 at root
 root on wd0a swap on wd0b dump on wd0b
 clock: unknown CMOS layout
 
 usbdevs:
 Controller /dev/usb0:
 addr 1: full speed, self powered, config 1, UHCI root hub(0x0000), 
 Intel(0x8086), rev 1.00
   port 1 powered
   port 2 powered
 
 
>How-To-Repeat:
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted:
kernel/6639: route(8): add treats 0.0.0.0/ANYTHING as default route

Reply via email to
