| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 8 Jun 2021 20:27:08 +0200
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-kernel@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
stable@...r.kernel.org, Hangbin Liu <liuhangbin@...il.com>,
"Jason A. Donenfeld" <Jason@...c4.com>,
"David S. Miller" <davem@...emloft.net>
Subject: [PATCH 5.12 098/161] wireguard: selftests: make sure rp_filter is disabled on vethc
From: Jason A. Donenfeld <Jason@...c4.com>
commit f8873d11d4121aad35024f9379e431e0c83abead upstream.
Some distros may enable strict rp_filter by default, which will prevent
vethc from receiving the packets with an unrouteable reverse path address.
Reported-by: Hangbin Liu <liuhangbin@...il.com>
Fixes: e7096c131e51 ("net: WireGuard secure network tunnel")
Cc: stable@...r.kernel.org
Signed-off-by: Jason A. Donenfeld <Jason@...c4.com>
Signed-off-by: David S. Miller <davem@...emloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
---
tools/testing/selftests/wireguard/netns.sh | 1 +
1 file changed, 1 insertion(+)
--- a/tools/testing/selftests/wireguard/netns.sh
+++ b/tools/testing/selftests/wireguard/netns.sh
@@ -363,6 +363,7 @@ ip1 -6 rule add table main suppress_pref
ip1 -4 route add default dev wg0 table 51820
ip1 -4 rule add not fwmark 51820 table 51820
ip1 -4 rule add table main suppress_prefixlength 0
+n1 bash -c 'printf 0 > /proc/sys/net/ipv4/conf/vethc/rp_filter'
# Flood the pings instead of sending just one, to trigger routing table reference counting bugs.
n1 ping -W 1 -c 100 -f 192.168.99.7
n1 ping -W 1 -c 100 -f abab::1111
Powered by blists - more mailing lists