lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:	Mon, 11 Nov 2013 16:29:26 +0800
From:	Duan Jiong <duanj.fnst@...fujitsu.com>
To:	hannes@...essinduktion.org
CC:	David Miller <davem@...emloft.net>, netdev@...r.kernel.org
Subject: Re: [PATCH] ipv6: match those routes that have different metirc

于 2013年11月11日 15:39, Hannes Frederic Sowa 写道:
> On Mon, Nov 11, 2013 at 03:16:24PM +0800, Duan Jiong wrote:
>> 于 2013年11月11日 14:07, Hannes Frederic Sowa 写道:
>>> On Mon, Nov 11, 2013 at 11:00:53AM +0800, Duan Jiong wrote:
>>>> Now the kernel only match those routes that have the same
>>>> metirc, so if those routes are non-reachable, then the packets
>>>> can't be sent out.
>>>>
>>>> But according to the rfc 4191 section 3.2, if the best route
>>>> points to a non-reachable route, the next best route should be
>>>> consulted. So the kernel should not only match those routes that
>>>> have minimum metric, and should also match others.
>>>
>>> I am not so keen on chaning how metrics get handled. Please note that
>>> metrics are a pure linux-centric concept and are not standardized. I bet
>>> some people depend on how these work and have the same semantic as IPv4
>>> ones because they use the same code in their routing daemon backends.
>>>
>>
>> I have a question. If we only match those routes that have lowest metric, others
>> will never be used, so why the other routes are inserted to the router table?
> 
> Metrics could get used by software which manages dynamic interfaces, e.g.
> vpn/ppp software, to make sure they have priority over the current routing
> settings.  If we don't respect metrics there, this could lead to security
> problems. (if the interface vanishes, the other route gets active again).
> 
> It could also be used by dynamic routing software, e.g. is-is, ospf, bgp and
> does reflect the admins choice where traffic should get routed. Some routing
> daemon apply the whole routing table to the fib. If we don't respect metrics
> there, they could lose money, because maybe they pay for the traffic.
> They really get interesting if you have more than one routing protocol active
> at the same time. ;)
> 

Thanks for your reply. I think i don't fully understand the metric, and this 
patch should be ignored!

I am sorry that bothers your.

Thanks,
  Duan


--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ