lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Fri, 22 Aug 2014 12:27:38 -0700 (PDT) From: David Miller <davem@...emloft.net> To: sebastien.barre@...ouvain.be Cc: netdev@...r.kernel.org, gregory.detal@...ouvain.be, christoph.paasch@...ouvain.be, hannes@...hat.com, sergei.shtylyov@...entembedded.com Subject: Re: [PATCH net-next v2] ipv4: Restore accept_local behaviour in fib_validate_source() From: Sébastien Barré <sebastien.barre@...ouvain.be> Date: Sun, 17 Aug 2014 09:19:54 +0200 > Commit 7a9bc9b81a5b ("ipv4: Elide fib_validate_source() completely when possible.") > introduced a short-circuit to avoid calling fib_validate_source when not > needed. That change took rp_filter into account, but not accept_local. > This resulted in a change of behaviour: with rp_filter and accept_local > off, incoming packets with a local address in the source field should be > dropped. > > Here is how to reproduce the change pre/post 7a9bc9b81a5b commit: > -configure the same IPv4 address on hosts A and B. > -try to send an ARP request from B to A. > -The ARP request will be dropped before that commit, but accepted and answered > after that commit. > > This adds a check for ACCEPT_LOCAL, to maintain full > fib validation in case it is 0. We also leave __fib_validate_source() earlier > when possible, based on the same check as fib_validate_source(), once the > accept_local stuff is verified. > > Cc: Gregory Detal <gregory.detal@...ouvain.be> > Cc: Christoph Paasch <christoph.paasch@...ouvain.be> > Cc: Hannes Frederic Sowa <hannes@...hat.com> > Cc: Sergei Shtylyov <sergei.shtylyov@...entembedded.com> > Signed-off-by: Sébastien Barré <sebastien.barre@...ouvain.be> Applied. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists