| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 28 Nov 2009 11:04:38 -0500 From: jamal <hadi@...erus.ca> To: Patrick McHardy <kaber@...sh.net> Cc: KOVACS Krisztian <hidden@....bme.hu>, KOVACS Krisztian <hidden@...abit.hu>, Andreas Schultz <aschultz@...p10.net>, tproxy@...ts.balabit.hu, netdev@...r.kernel.org Subject: Re: [tproxy,regression] tproxy broken in 2.6.32 On Sat, 2009-11-28 at 16:46 +0100, Patrick McHardy wrote: > > The root cause seems to be an invalid assumption, marks are often not > used in a symetric fashion as required by RPF. The only assumption is: if you set set up a mark on incoming, you are asking the reverse validation that is to be used to consider that mark. This has nothing to do with RPF really;-> RPF is off. There is a legit bug in the old setup that has a table programmed with a route that is not unicast. > Since this patch has already proven to break existing setups, I think > it should be reverted or the behaviour made optional with a default to > off. I disagree. What other setup is broken? ;-> cheers, jamal -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists