net/ipv4: original ingress device index set as the loopback interface.
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
linux (Ubuntu) | Fix Released | Medium | Unassigned | |
Yakkety | Fix Released | Medium | Jorge Niedbalski | |
Zesty | Fix Released | Medium | Unassigned | |
Bug Description
[Environment]
# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 16.04.2 LTS
Release: 16.04
Codename: xenial
# uname -a
Linux juju-niedbalski
[Description]
We identified a bug in one of the utilities provided by dnsmasq, the 'dhcp_release' utility which
is executed as part of the DHCP lease cleanup mechanism by Neutron once a network resource is freed.
We noticed that some packets were discarded by the DHCP server (dnsmasq) in Ubuntu systems
running a kernel >= 4.7. The reason was that the ipi_ifindex field on the pktinfo was incorrectly assumed to be 1 (loopback);
this causes the message to be ignored by the dnsmasq daemon, since it isn't the interface that dnsmasq is bound to.
(gdb) p *p.p
$4 = {
ipi_ifindex = 1,
ipi_spec_dst = {
s_addr = 34973888
},
ipi_addr = {
s_addr = 34973888
}
}
(gdb) p ifr
$8 = {ifr_ifrn = {ifrn_name = "lo", '\000' <repeats 13 times>},
[Fix]
Upstream commit:
https:/
[Test Case]
1) Configure a dnsmasq instance to serve DHCP
(Example):
$ sudo dnsmasq --no-hosts --no-resolv --strict-order --except-
-addn-hosts=
518dca/leases --dhcp-
domain=
2) Boot a VM or container on the bridge/interface that dnsmasq is bound to.
3) Use the dhcp_release utility to release the lease.
(Example):
$ sudo dhcp_release ns-1cb1b7c7-c0 192.168.21.8 fa:16:3e:f3:b2:fe
The expected result: The lease is freed.
Current results: dnsmasq ignored the DHCP Release message.
[Fix]
When we send a packet for our own local address on a non-loopback
interface (e.g. eth0), due to the change introduced by
commit 0b922b7 ("net: original ingress device index in PKTINFO"), the
original ingress device index would be set as the loopback interface.
* https:/
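The filtering effect described in this report, as an added example that is not part of the original report and is not dnsmasq or kernel code: it reads ipi_ifindex from an IP_PKTINFO control message and applies an interface check of the kind the description attributes to dnsmasq. The names accept_on_bound_iface and make_sample and the served interface index 7 are assumptions; the control message is constructed in memory rather than received from a socket.

```c
#define _GNU_SOURCE
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* Ingress ifindex from the IP_PKTINFO control message, or -1 if absent. */
int pktinfo_ifindex(struct msghdr *msg)
{
    for (struct cmsghdr *c = CMSG_FIRSTHDR(msg); c; c = CMSG_NXTHDR(msg, c)) {
        if (c->cmsg_level == IPPROTO_IP && c->cmsg_type == IP_PKTINFO &&
            c->cmsg_len >= CMSG_LEN(sizeof(struct in_pktinfo))) {
            struct in_pktinfo pi;
            memcpy(&pi, CMSG_DATA(c), sizeof pi); /* CMSG_DATA may be unaligned */
            return pi.ipi_ifindex;
        }
    }
    return -1;
}

/* Hypothetical server-side filter: accept only packets whose reported
 * ingress interface is the one the server is bound to. */
int accept_on_bound_iface(struct msghdr *msg, int bound_ifindex)
{
    return pktinfo_ifindex(msg) == bound_ifindex;
}

/* Constructed sample: ancillary data shaped like what recvmsg() returns. */
void make_sample(struct msghdr *msg, void *buf, size_t len, int ifindex)
{
    struct in_pktinfo pi = { .ipi_ifindex = ifindex };
    pi.ipi_spec_dst.s_addr = pi.ipi_addr.s_addr = 34973888; /* from the gdb dump */
    memset(msg, 0, sizeof *msg);
    memset(buf, 0, len);
    msg->msg_control = buf;
    msg->msg_controllen = CMSG_SPACE(sizeof pi);
    struct cmsghdr *c = CMSG_FIRSTHDR(msg);
    c->cmsg_level = IPPROTO_IP; c->cmsg_type = IP_PKTINFO;
    c->cmsg_len = CMSG_LEN(sizeof pi);
    memcpy(CMSG_DATA(c), &pi, sizeof pi);
}

int main(void)
{
    union { char b[CMSG_SPACE(sizeof(struct in_pktinfo))]; struct cmsghdr a; } u;
    struct msghdr msg;
    make_sample(&msg, u.b, sizeof u.b, 1); /* affected kernel reports lo */
    printf("ifindex=1 accepted: %d\n", accept_on_bound_iface(&msg, 7));
    make_sample(&msg, u.b, sizeof u.b, 7); /* expected: the served interface */
    printf("ifindex=7 accepted: %d\n", accept_on_bound_iface(&msg, 7));
}
```
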
Changed in linux (Ubuntu): | |
status: | Incomplete → Confirmed |
tags: | removed: kernel-da-key |
tags: | added: sts |
description: | updated |
Changed in linux (Ubuntu Zesty): | |
status: | Triaged → Fix Committed |
Changed in linux (Ubuntu Yakkety): | |
status: | Triaged → In Progress |
assignee: | nobody → Jorge Niedbalski (niedbalski) |
Changed in linux (Ubuntu Yakkety): | |
status: | In Progress → Fix Committed |
Changed in linux (Ubuntu Zesty): | |
status: | Fix Committed → Fix Released |
Changed in linux (Ubuntu): | |
status: | Triaged → Fix Released |
This bug is missing log files that will aid in diagnosing the problem. From a terminal window please run:
apport-collect 1683982
and then change the status of the bug to 'Confirmed'.
If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.
This change has been made by an automated script, maintained by the Ubuntu Kernel Team.