Recently, I noticed that iproute2 would return me preferred lifetimes of IPv6 adresses close to 2^32 on links where prefixes are advertised with a preferred lifetime of 0. A quick look into the source revealed that the preferred lifetime is output using a format string containing "%u"; the incriminating lines being struct ifa_cacheinfo *ci = RTA_DATA(rta_tb[IFA_CACHEINFO]); char buf[128]; fprintf(fp, "%s", _SL_); [...] if (ci->ifa_prefered == INFINITY_LIFE_TIME) sprintf(buf+strlen(buf), " preferred_lft forever"); else sprintf(buf+strlen(buf), " preferred_lft %usec", ci->ifa_prefered); fprintf(fp, " %s", buf); When calling iproute2 oftenly shortly after a prefix has been advertised on the link, one could see that there actually was an integer underflow going on (the output changed from "0" to "forever" to 2^32-1). Interestringly, if_addr.h does define ifa_prefered to be a __u32, so iproute2 merely implements the interface. RFC4862 mandates that the preferred lifetime always is lower than or equal to the valid lifetime, which is also defined to be a __u32. I'm certainly no expert in the linux kernel code, but this looks like a bug to me. Why is ifa_prefered defined to be non-negative? Benedikt
Reply-To: akpm@linux-foundation.org On Sat, 7 Jun 2008 03:04:43 -0700 (PDT) bugme-daemon@bugzilla.kernel.org wrote: > http://bugzilla.kernel.org/show_bug.cgi?id=10880 > > Summary: include/linux/if_addr.h: negative preferred lifetimes of > addresses > Product: Networking > Version: 2.5 > KernelVersion: 2.6.25.4 > Platform: All > OS/Version: Linux > Tree: Mainline > Status: NEW > Severity: normal > Priority: P1 > Component: IPV6 > AssignedTo: yoshfuji@linux-ipv6.org > ReportedBy: benedikt@gollatz.net > > > Recently, I noticed that iproute2 would return me preferred lifetimes of IPv6 > adresses close to 2^32 on links where prefixes are advertised with a > preferred > lifetime of 0. A quick look into the source revealed that the preferred > lifetime is output using a format string containing "%u"; the incriminating > lines being > > struct ifa_cacheinfo *ci = RTA_DATA(rta_tb[IFA_CACHEINFO]); > char buf[128]; > fprintf(fp, "%s", _SL_); > [...] > if (ci->ifa_prefered == INFINITY_LIFE_TIME) > sprintf(buf+strlen(buf), " preferred_lft forever"); > else > sprintf(buf+strlen(buf), " preferred_lft %usec", > ci->ifa_prefered); > fprintf(fp, " %s", buf); > > When calling iproute2 oftenly shortly after a prefix has been advertised on > the > link, one could see that there actually was an integer underflow going on > (the > output changed from "0" to "forever" to 2^32-1). > > Interestringly, if_addr.h does define ifa_prefered to be a __u32, so iproute2 > merely implements the interface. RFC4862 mandates that the preferred lifetime > always is lower than or equal to the valid lifetime, which is also defined to > be a __u32. > > I'm certainly no expert in the linux kernel code, but this looks like a bug > to > me. Why is ifa_prefered defined to be non-negative? > > Benedikt > > > -- > Configure bugmail: http://bugzilla.kernel.org/userprefs.cgi?tab=email > ------- You are receiving this mail because: ------- > You are on the CC list for the bug, or are watching someone who is.