lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <e21a2d9682b5d83fefe3f09a07316033@luffy.cx>
Date:	Fri, 16 Dec 2011 10:53:48 +0100
From:	Vincent Bernat <bernat@...fy.cx>
To:	David Miller <davem@...emloft.net>
Cc:	<zenczykowski@...il.com>, <netdev@...r.kernel.org>,
	<yoshfuji@...ux-ipv6.org>
Subject: Re: nonlocal_bind and IPv6

On Fri, 16 Dec 2011 02:06:00 -0500 (EST), David Miller wrote:

>> OoO En  ce milieu  de nuit  étoilée du vendredi  16 décembre  2011, 
>> vers
>> 04:58, Maciej Żenczykowski <zenczykowski@...il.com> disait :
>>
>>> why not simply use the IP_TRANSPARENT or IP_FREEBIND socket 
>>> options?
>>
>> Because  this requires  modifying each  affected software.  This  
>> can be
>> difficult if you don't have the source code available.
>
> But it means that it would work on every single kernel verion out
> there.

Sure. But... The typical scenario for this setting is when you are 
using something like VRRP. You have your web server running on several 
nodes and only one of them has the appropriate IP address at the given 
moment. Moreover, you have to bind to specific IP and not 0.0.0.0 for 
other reasons (for example, when using several SSL virtualhosts). 
Starting the web server only when a node gets the appropriate IP is not 
possible because it increases downtime. Since this VRRP stuff is related 
to system configuration, it seems sensible to have a system setting 
equivalent to IP_FREEBIND socket options. This is ip_nonlocal_bind.

Moreover, I am just adding the IPv6 version of this setting. The IPv4 
version already exists.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ