[BUG] net: ipv4: The sent udp broadcast message may be converted to an arp request message
From: wanghai (M)
Date: Mon Feb 07 2022 - 09:46:04 EST
Hello,
I found a bug, but I don't know how to fix it. Anyone have some good ideas?
This bug will cause udp broadcast messages not to be sent, but instead send
non-expected arp request messages.
Deleting the ip while sending udp broadcast messages and then configuring
the ip again will probably trigger the bug.
The following is the timing diagram of the bug, cpu0 sends a broadcast
message and cpu1 deletes the routing table at the appropriate time.
cpu0 cpu1
send()
udp_sendmsg()
ip_route_output_flow()
| fib_lookup()
udp_send_skb()
ip_send_skb()
ip_finish_output2()
ifconfig eth0:2 down
fib_del_ifaddr
fib_table_delete //
delete fib table
ip_neigh_for_gw()
| ip_neigh_gw4()
| __ipv4_neigh_lookup_noref()
| __neigh_create()
| tbl->constructor(n) --> arp_constructor()
| neigh->type = inet_addr_type_dev_table(); // no
route, neigh->type = RTN_UNICAST
neigh_output() // unicast, send an arp request and create an
exception arp entry
After the above operation, an abnormal arp entry will be generated. If
the ip is configured again(ifconfig eth0:2 12.0.208.0), the abnormal arp
entry will still exist, and the udp broadcast message will be converted
to an arp request message when it is sent.
Any feedback would be appreciated, thanks.
--
Wang Hai