| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 23 Jun 2016 16:39:22 +0200
From: Paolo Abeni <pabeni@...hat.com>
To: David Ahern <dsa@...ulusnetworks.com>
Cc: netdev@...r.kernel.org, "David S. Miller" <davem@...emloft.net>,
Beniamino Galvani <bgalvani@...hat.com>
Subject: Re: [PATCH net v2] ipv6: enforce egress device match in per table
nexthop lookups
On Thu, 2016-06-23 at 08:29 -0600, David Ahern wrote:
> On 6/23/16 8:20 AM, David Ahern wrote:
> >> diff --git a/net/ipv6/route.c b/net/ipv6/route.c
> >> index 969913d..520b788 100644
> >> --- a/net/ipv6/route.c
> >> +++ b/net/ipv6/route.c
> >> @@ -1782,7 +1782,7 @@ static struct rt6_info
> >> *ip6_nh_lookup_table(struct net *net,
> >> };
> >> struct fib6_table *table;
> >> struct rt6_info *rt;
> >> - int flags = 0;
> >> + int flags = RT6_LOOKUP_F_IFACE;
> >>
> >> table = fib6_get_table(net, cfg->fc_table);
> >> if (!table)
> >>
> >
> > Acked-by: David Ahern <dsa@...ulusnetworks.com>
>
> I take that back.
>
> I think RT6_LOOKUP_F_IFACE should only be set if cfg->fc_ifindex is set.
AFAICS the latter condition should not be needed. The related
information is passed all way down to rt6_score_route(), where it's
really used:
m = rt6_check_dev(rt, oif);
if (!m && (strict & RT6_LOOKUP_F_IFACE))
return RT6_NUD_FAIL_HARD;
and 'm' can be 0 only if oif is set: RT6_LOOKUP_F_IFACE has no effect
ifindex is set.
Paolo
Powered by blists - more mailing lists