On Sat, Oct 26, 2013 at 11:53:15PM +0400, Alexander V. Chernikov wrote:
> 2 Ondrej:
> Hi, i'm a bit stuck:

Hi, thanks for finding the problem.

> For p2p interfaces, like gifX the following happens:
>
> ifconfig gif0 inet 10.10.0.1/30 10.10.0.2
>
> bird: (FIN) IF gre0 flags: 60000188 ip: 10.10.0.1 opposite: 10.10.0.2  
> brd: 10.10.0.2
> ^^^^^
> Kernel sets broadcast address to the peer address for given p2p  
> interface even with non/32 masks.
> This seems "reasonable".

I would say that kernel (BSD) uses the same field (RTA_BRD)
for two purposes - broadcast address for broadcast ifaces
and peer address for ptp ifaces.

The questionable is that BIRD, which has two fields in struc ifa
(brd and opposite), copies peer address also to 'brd' field for
nonbroadcast ifaces.

> if_connected() uses the following logic:
> is peer? (IA_PEER) -> opposite ? OK!
> not peer? -> not network addr ? not broadcast ? then OK!
>
> Currently such interfaces are treated by nest as non-multiaccess, but  
> IA_PEER is not set.
>
> As a result, peer address is not treated as directly connected, so  
> neigh_find2() returns NULL, so all LSA behind given router has their gw  
> zeroed, so..

BTW, the same problem would be here for /31 addresses, but there is
a special check for that in if_connected():
(b->pxlen < (BITS_PER_IP_ADDRESS - 1)

> What is better: ignore kernel-supplied broadcast address or set IA_PEER  
> for non-/32 masks and non-multiaccess media?

Definitely not the second one.

Meaning of ifa->brd is an address which could be used to send a
broadcast packet (which is used by RIP in broadcast mode and OSPFv2 with
real-broadcast option).

Therefore, if an iface supports broadcast (i.e. iface->flags has
IF_BROADCAST flag), we should set ifa->brd to such address (which
is probably the one reported by kernel). If an iface does not support
broadcast, we should keep ifa->brd zeroed. This would fix the reported
problem.

See (end of) the attached patch (untested).

-- 
Elen sila lumenn' omentielvo

Ondrej 'SanTiago' Zajicek (email: santi...@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."
diff --git a/sysdep/bsd/krt-sock.c b/sysdep/bsd/krt-sock.c
index 3d30036..0bc2945 100644
--- a/sysdep/bsd/krt-sock.c
+++ b/sysdep/bsd/krt-sock.c
@@ -654,17 +654,25 @@ krt_read_addr(struct ks_msg *msg)
 
   if ((masklen = ipa_mklen(imask)) < 0)
   {
-    log("Invalid masklen");
+    log(L_ERR "KIF: Invalid masklen %I for %s", imask, iface->name);
     return;
   }
 
-  bzero(&ifa, sizeof(ifa));
+#ifdef IPV6
+  /* Clean up embedded interface ID returned in link-local address */
 
-  ifa.iface = iface;
+  if (ipa_has_link_scope(iaddr))
+    _I0(iaddr) = 0xfe800000;
 
-  memcpy(&ifa.ip, &iaddr, sizeof(ip_addr));
+  if (ipa_has_link_scope(ibrd))
+    _I0(ibrd) = 0xfe800000;
+#endif
+
+
+  bzero(&ifa, sizeof(ifa));
+  ifa.iface = iface;
+  ifa.ip = iaddr;
   ifa.pxlen = masklen;
-  memcpy(&ifa.brd, &ibrd, sizeof(ip_addr));
 
   scope = ipa_classify(ifa.ip);
   if (scope < 0)
@@ -674,16 +682,6 @@ krt_read_addr(struct ks_msg *msg)
   }
   ifa.scope = scope & IADDR_SCOPE_MASK;
 
-#ifdef IPV6
-  /* Clean up embedded interface ID returned in link-local address */
-
-  if (ipa_has_link_scope(ifa.ip))
-    _I0(ifa.ip) = 0xfe800000;
-
-  if (ipa_has_link_scope(ifa.brd))
-    _I0(ifa.brd) = 0xfe800000;
-#endif
-
   if (masklen < BITS_PER_IP_ADDRESS)
   {
     ifa.prefix = ipa_and(ifa.ip, ipa_mkmask(masklen));
@@ -696,12 +694,15 @@ krt_read_addr(struct ks_msg *msg)
       ifa.opposite = ipa_opposite_m2(ifa.ip);
 #endif
 
+    if (iface->flags & IF_BROADCAST)
+      ifa.brd = ibrd;
+
     if (!(iface->flags & IF_MULTIACCESS))
-      ifa.opposite = ifa.brd;
+      ifa.opposite = ibrd;
   }
-  else if (!(iface->flags & IF_MULTIACCESS) && ipa_nonzero(ifa.brd))
+  else if (!(iface->flags & IF_MULTIACCESS) && ipa_nonzero(ibrd))
   {
-    ifa.prefix = ifa.opposite = ifa.brd;
+    ifa.prefix = ifa.opposite = ibrd;
     ifa.flags |= IA_PEER;
   }
   else

Attachment: signature.asc
Description: Digital signature

Reply via email to