lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <Pine.LNX.4.64.0806032011070.3438@bizon.gios.gov.pl>
Date:	Tue, 3 Jun 2008 20:29:49 +0200 (CEST)
From:	Krzysztof Oledzki <olel@....pl>
To:	Patrick McHardy <kaber@...sh.net>
cc:	Jarek Poplawski <jarkao2@...il.com>, netdev@...r.kernel.org
Subject: Re: [PATCH]  Fix routing tables with id > 255 for legacy software



On Tue, 3 Jun 2008, Patrick McHardy wrote:

> Jarek Poplawski wrote:
>> On Tue, Jun 03, 2008 at 05:15:04PM +0200, Krzysztof Oledzki wrote:
>>> 
>>> On Tue, 3 Jun 2008, Patrick McHardy wrote:
>> ...
>>>> Your patch makes it more predictable, so I'm not completely
>>>> opposed, but still its just a workaround.
>>> Indeed - it is a workaround but I believe we need it.
>>> 
>> 
>> IMHO, adding a safety with e.g. CONFIG_IP_FIB_COMPAT_DEPRECATED
>> (default N) for one stable, letting to change this back in some
>> (probably nonexistent) strange cases, should be enough to keep up
>> appearances...
>
>
> Mhh .. I don't think this is a good solution.

I second that. If you know that you need this option then you don't need 
it as you may avoid selected tables.

> Things can only break if you actually use the new feature, and if you 
> do, you should simply make sure that all software running can deal with 
> it. Fixing the routing daemons should be a triviality.

Indeed, it is trivial and I even have a small patch for quagga I'm going 
to push to the upstream soon. However the problem is the non intuitive 
behavior of old applications that may lead into a critical network outage 
(been there, done that) and my patch is supposed to minimize such a 
possibility. Without special knowledge it is not obvious that that routes 
in 256, 510, etc tables may be handle as routes in RT_TABLE_MAIN table.

Best regards,

 				Krzysztof Olędzki

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ