| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 10 Jan 2007 11:01:05 +0100 From: KOVACS Krisztian <hidden@...abit.hu> To: Patrick McHardy <kaber@...sh.net> Cc: netfilter-devel@...ts.netfilter.org, netdev@...r.kernel.org Subject: Re: [PATCH/RFC 05/10] Remove local address check on IP output Hi, On Wednesday 10 January 2007 07:47, Patrick McHardy wrote: > > diff --git a/net/ipv4/route.c b/net/ipv4/route.c > > index 537b976..bb1158a 100644 > > --- a/net/ipv4/route.c > > +++ b/net/ipv4/route.c > > @@ -2498,11 +2498,6 @@ #endif > > ZERONET(oldflp->fl4_src)) > > goto out; > > > > - /* It is equivalent to inet_addr_type(saddr) == RTN_LOCAL */ > > - dev_out = ip_dev_find(oldflp->fl4_src); > > - if (dev_out == NULL) > > - goto out; > > - > > I'm not sure how exactly this is used by applications, but couldn't you > restrict this to sockets without freebind? I'll try to do so in the next incarnation of the patches. Thanks for the comment, it'd ineed be safer to do so. BTW, could anyone shed some light on exactly why that check is necessary? As far as I can see it prevents packets with a non-local source address being routed -- but I fail to see why we need to prevent that. -- Regards, Krisztian Kovacs - To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists