| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 4 Feb 2015 19:36:14 +0200
From: Jouni Malinen <jouni@...eaurora.org>
To: Stephen Hemminger <stephen@...workplumber.org>
Cc: David Miller <davem@...emloft.net>, netdev@...r.kernel.org,
Kyeyoon Park <kyeyoonp@...eaurora.org>
Subject: Re: [PATCH] bridge: Remove BR_PROXYARP flooding check code
On Tue, Dec 09, 2014 at 02:21:58PM -0800, Stephen Hemminger wrote:
> On Mon, 8 Dec 2014 17:27:40 +0200
> > From: Kyeyoon Park <kyeyoonp@...eaurora.org>
> > Because dropping broadcast packets for IEEE 802.11 Proxy ARP is more
> > selective than previously thought, it is better to remove the direct
> > dropping logic in the bridge code in favor of using the netfilter
> > infrastructure to provide more control on which frames get dropped. This
> > code was added in commit 958501163ddd ("bridge: Add support for IEEE
> > 802.11 Proxy ARP").
> Aren't you at risk of duplicate ARP responses in some cases.
> You can't assume user will run netfilter.
The 'bridge: Selectively prevent bridge port flooding for proxy ARP'
patch that I posted earlier today addresses this by keeping record of
whether the proxyarp functionality has replied to a packet and skipping
flooding conditionally on that. In other words, this 'bridge: Remove
BR_PROXYARP flooding check code' can be dropped.
--
Jouni Malinen PGP id EFC895FA
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists