lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Thu, 15 Aug 2013 15:54:54 -0700 (PDT)
From:	David Miller <davem@...emloft.net>
To:	hannes@...essinduktion.org
Cc:	mleitner@...hat.com, netdev@...r.kernel.org, jiri@...nulli.us,
	dbanerje@...mai.com, yoshfuji@...ux-ipv6.org
Subject: Re: [PATCH stable] ipv6: restrict neighbor entry creation to
 output flow

From: Hannes Frederic Sowa <hannes@...essinduktion.org>
Date: Wed, 14 Aug 2013 17:00:54 +0200

> On Wed, Aug 14, 2013 at 10:53:27AM -0300, Marcelo Ricardo Leitner wrote:
>> This patch is based on 3.2.y branch, the one used by reported. Please let me
>> know if it should be different. Thanks.
>> 
>> ---8<---
>> 
>> Commit 0d6a77079c475033cb622c07c5a880b392ef664e introduced a regression on
>> which routes to local delivery would not work anymore. Like this:
>> 
>>     $ ip -6 route add local 2001::/64 dev lo
>>     $ ping6 -c1 2001::9
>>     PING 2001::9(2001::9) 56 data bytes
>>     ping: sendmsg: Invalid argument
>> 
>> As this is a local delivery, that commit would not allow the creation of a
>> neighbor entry and thus the packet cannot be sent.
>> 
>> But as TPROXY scenario actually needs to avoid the neighbor entry creation only
>> for input flow, this patch now limits previous patch to input flow, keeping
>> output as before that patch.
>> 
>> Reported-by: Debabrata Banerjee <dbavatar@...il.com>
>> Signed-off-by: Marcelo Ricardo Leitner <mleitner@...hat.com>
>> CC: Hannes Frederic Sowa <hannes@...essinduktion.org>
> 
> Looks good, thanks Marcelo!
> 
> Acked-by: Hannes Frederic Sowa <hannes@...essinduktion.org>
> 
> David, this patch is for all stable kernels except the 3.10 series.
> It does not apply cleanly throughout the whole longterm kernels but the
> changes should not be too difficult to adapt. Do you take care of this
> or can we do something to ease this process?

I've queued it up for -stable, thanks.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ