lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <1314154554.1878.7.camel@nausicaa>
Date:	Wed, 24 Aug 2011 11:55:54 +0900
From:	Fernando Luis Vazquez Cao <fernando@....ntt.co.jp>
To:	Patrick McHardy <kaber@...sh.net>
Cc:	Jan Engelhardt <jengelh@...ozas.de>,
	Netfilter Developer Mailing List 
	<netfilter-devel@...r.kernel.org>,
	Linux Networking Developer Mailing List 
	<netdev@...r.kernel.org>
Subject: Re: [PATCH] iptables/man: IPv6 TOS mangling fix was backported to
 2.6.35-longterm too

Fernando Luis Vázquez Cao wrote:
> Update man page accordingly.
> 
> Signed-off-by: Fernando Luis Vazquez Cao <fernando@....ntt.co.jp>
> ---
> 
> diff -urNp iptables-orig/extensions/libxt_TOS.man iptables/extensions/libxt_TOS.man
> --- iptables-orig/extensions/libxt_TOS.man	2011-07-11 17:41:10.000000000 +0900
> +++ iptables/extensions/libxt_TOS.man	2011-08-02 09:59:27.356614494 +0900
> @@ -28,9 +28,9 @@ Binary XOR the TOS value with \fIbits\fP
>  \fIbits\fP\fB/0\fP. See NOTE below.)
>  .PP
>  NOTE: In Linux kernels up to and including 2.6.38, with the exception of
> -longterm releases 2.6.32.42 (or later) and 2.6.33.15 (or later), there is a bug
> -whereby IPv6 TOS mangling does not behave as documented and differs from the
> -IPv4 version. The TOS mask indicates the bits one wants to zero out, so it needs
> -to be inverted before applying it to the original TOS field. However, the
> +longterm releases 2.6.32 (>=.42), 2.6.33 (>=.15), and 2.6.35 (>=.14), there is
> +a bug whereby IPv6 TOS mangling does not behave as documented and differs from
> +the IPv4 version. The TOS mask indicates the bits one wants to zero out, so it
> +needs to be inverted before applying it to the original TOS field. However, the
>  aformentioned kernels forgo the inversion which breaks --set-tos and its
>  mnemonics.

Ping?

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ