lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Thu, 04 Feb 2010 14:50:56 -0500
From:	jamal <hadi@...erus.ca>
To:	Stefan Lippers-Hollmann <s.L-H@....de>
Cc:	gregkh@...e.de, linux-kernel@...r.kernel.org, davem@...emloft.net,
	stable@...nel.org
Subject: Re: patch net-restore-ip-source-validation.patch added to
 2.6.32-stable tree

Ok, I was able to reproduce it finally. This fixes it:

---
diff --git a/kernel/sysctl_check.c b/kernel/sysctl_check.c
index b6e7aae..469193c 100644
--- a/kernel/sysctl_check.c
+++ b/kernel/sysctl_check.c
@@ -220,6 +220,7 @@ static const struct trans_ctl_table
trans_net_ipv4_conf_vars_table[] = {
        { NET_IPV4_CONF_PROMOTE_SECONDARIES,    "promote_secondaries" },
        { NET_IPV4_CONF_ARP_ACCEPT,             "arp_accept" },
        { NET_IPV4_CONF_ARP_NOTIFY,             "arp_notify" },
+       { NET_IPV4_CONF_SRC_VMARK,              "src_valid_mark" },
        {}
 };
---

Note we dont have that code anymore in current tree - thats why it
was missed...
If this works, Greg/Dave - please include it in the -stable patch.

cheers,
jamal


On Thu, 2010-02-04 at 13:38 -0500, jamal wrote:
> On Thu, 2010-02-04 at 19:31 +0100, Stefan Lippers-Hollmann wrote:
> > Hi
> > 
> > On Thursday 04 February 2010, jamal wrote:
> 
> > > ----
> > >         NET_IPV4_CONF_ARP_ACCEPT=21,
> > >         NET_IPV4_CONF_ARP_NOTIFY=22,
> > >         NET_IPV4_CONF_ACCEPT_LOCAL=23,
> > >         NET_IPV4_CONF_SRC_VMARK=24,
> > >         __NET_IPV4_CONF_MAX
> > > ---
> > > 
> > > I have a feeling you are missing NET_IPV4_CONF_ACCEPT_LOCAL
> > 
> > Yes, you're 100% right - such a hunk is missing from queue-2.6.32 [1]
> > 
> 
> Do you mind changing to NET_IPV4_CONF_SRC_VMARK=23 in that patch?
> As i mentioned in my other email it is a wild guess - so it likely will
> have no effect but worth a try if you have time.
> 
> cheers,
> jamal
> 
> 

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ