lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <3727.1200339422@turing-police.cc.vt.edu>
Date:	Mon, 14 Jan 2008 14:37:02 -0500
From:	Valdis.Kletnieks@...edu
To:	Paul Moore <paul.moore@...com>
Cc:	Andrew Morton <akpm@...ux-foundation.org>,
	linux-kernel@...r.kernel.org, netdev@...r.kernel.org
Subject: Re: 2.6.24-rc6-mm1 - oddness with IPv4/v6 mapped sockets hanging...

On Mon, 14 Jan 2008 14:07:46 EST, Paul Moore said:
> There have been quite a few changes in lblnet-2.6_testing since 2.6.24-rc6-mm1 
> so I would recommend taking the whole tree.  I'm also not quite sure if

Weird.  I did a 'git clone git://git.infradead.org/users/pcmoore/lblnet-2.6_testing'
into a new directory this morning, and doing a 'git log' against that only
showed the one added commit:

commit 5d95575903fd3865b884952bd93c339d48725c33
Author: Paul Moore <paul.moore@...com>
Date:   Wed Jan 9 15:30:23 2008 -0500

    SELinux: Add warning messages on network denial due to error
    
    Currently network traffic can be sliently dropped due to non-avc errors which
    can lead to much confusion when trying to debug the problem.  This patch adds
    warning messages so that when these events occur there is a user visible
    notification.
    
    Signed-off-by: Paul Moore <paul.moore@...com>

commit 9259ca5fd8b9fbdd2c3edade593dead905d8391e
Author: Paul Moore <paul.moore@...com>
Date:   Wed Jan 9 15:30:23 2008 -0500

    SELinux: Add network ingress and egress control permission checks
(already in 24-rc6-mm1).

Somebody please tell me it's my git-idiocy..

> simply reverting the "Convert the netif code to use ifindex values" patch 
> would solve the problem as there are other patches in the rc6-mm1 tree that 
> rely on skb->iif being valid (new code, not converted code).

That would explain why I'm still seeing issues..

>  If you want to 
> stick with a _relatively_ vanilla rc6-mm1 tree I would leave everything in 
> and simply apply the following patch which solved the skb_clone()/iif 
> problem:
> 
> http://git.infradead.org/?p=users/pcmoore/lblnet-2.6_testing;a=commitdiff;h=02f1c89d6e36507476f78108a3dcc78538be460b

OK, I'll go look at that..


Content of type "application/pgp-signature" skipped

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ