lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Sun, 23 Jan 2011 09:39:40 +1100
From:	Stephen Hemminger <shemminger@...tta.com>
To:	ebiederm@...ssion.com (Eric W. Biederman)
Cc:	Jiri Bohac <jbohac@...e.cz>, David Miller <davem@...emloft.net>,
	brian.haley@...com, netdev@...r.kernel.org, maheshkelkar@...il.com,
	lorenzo@...gle.com, yoshfuji@...ux-ipv6.org, stable@...nel.org
Subject: Re: [RFC] ipv6: don't flush routes when setting loopback down

On Sat, 22 Jan 2011 00:17:09 -0800
ebiederm@...ssion.com (Eric W. Biederman) wrote:

> Stephen Hemminger <shemminger@...tta.com> writes:
> 
> > On Wed, 19 Jan 2011 20:56:32 +0100
> > Jiri Bohac <jbohac@...e.cz> wrote:
> >
> >> On Wed, Jan 19, 2011 at 11:38:17AM -0800, Stephen Hemminger wrote:
> >> > Jiri Bohac <jbohac@...e.cz> wrote:
> >> > > I have the feeling that Eric's patch is the safest solution we
> >> > > have so far:
> >> > Eric's patch has other regressions, see the discussion.
> >> 
> >> What regression do you mean? I have read the whole discussion
> >> thoroughly. You only say in one message that deleting ::1 would
> >> propagate to routing daemons. And Eric correctly stated that
> >> people couldn't hit this, because  deleting ::1 would break
> >> things on its own.
> >> 
> >> Is there a real problem with Eric's fix?
> >> 
> >> Thanks,
> >> 
> >
> > If address is assigned to loopback interface (other than ::1) then
> > Eric's fix doesn't work.  It is common to use an additional address
> > on the lo device when doing routing protocols.
> 
> Sigh.
> 
> I just got back to looking through the rest of my failures in 2.6.37 and
> despite it looking like it worked when i tested it, your patch doesn't
> actually work on my real work load that has broken.
> 
> At least your change that confirmed that the root problem is somewhere
> in the routing.
> 
> Eric

The design problem behind all this is that sysctl disable_ipv6 as currently
implemented is passive (just changes a variable). It needs to be implemented
as a more active step that does the same thing as removing the interface from
ipv6.  I will look into it after LCA. 

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ