| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 09 Jun 2017 13:15:10 -0400 (EDT) From: David Miller <davem@...emloft.net> To: kjlx@...pleofstupid.com Cc: maheshb@...gle.com, netdev@...r.kernel.org Subject: Re: [PATCH v2 net-next] Ipvlan should return an error when an address is already in use. From: Krister Johansen <kjlx@...pleofstupid.com> Date: Fri, 9 Jun 2017 10:13:10 -0700 > On Fri, Jun 09, 2017 at 12:26:46PM -0400, David Miller wrote: >> From: Krister Johansen <kjlx@...pleofstupid.com> >> Date: Thu, 8 Jun 2017 13:12:14 -0700 >> >> > The ipvlan code already knows how to detect when a duplicate address is >> > about to be assigned to an ipvlan device. However, that failure is not >> > propogated outward and leads to a silent failure. >> > >> > Introduce a validation step at ip address creation time and allow device >> > drivers to register to validate the incoming ip addresses. The ipvlan >> > code is the first consumer. If it detects an address in use, we can >> > return an error to the user before beginning to commit the new ifa in >> > the networking code. >> > >> > This can be especially useful if it is necessary to provision many >> > ipvlans in containers. The provisioning software (or operator) can use >> > this to detect situations where an ip address is unexpectedly in use. >> > >> > Signed-off-by: Krister Johansen <kjlx@...pleofstupid.com> >> >> Ok, applied, thank you. > > Thanks, did this look otherwise alright? Yes, I was mildly unsatisfied with the ipv6 addrconf situation but I know very well about that, and those kinds of addresses aren't of interest for what you are trying to achieve right?
Powered by blists - more mailing lists