lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20120125225931.GA11019@ms2.inr.ac.ru>
Date:	Thu, 26 Jan 2012 02:59:31 +0400
From:	Alexey Kuznetsov <kuznet@....inr.ac.ru>
To:	Tony Zelenoff <antonz@...allels.com>
Cc:	ynot@...natka.ru, davem@...emloft.net, netdev@...r.kernel.org,
	xemul@...allels.com
Subject: Re: [RFC] Allow ipv6 proxies and arp proxies be shown with ip

On Wed, Jan 25, 2012 at 01:44:58PM +0400, Tony Zelenoff wrote:
> But, ~11 years were passed and this command is still alive and useful.

Indeed. :-)


> Unfortunately proper filling of proxy neighbour info is not possible in
> case of compatibility with ip itself. Returning structure field which
> store state of record is reached its 8 bits limit and new flag showing
> proxy can't be added.

It is not necessary, there exists flag NTF_PROXY in ndm_flags.



>		 And at this point i'm stucked a bit. The ip utility
> must show that exact address is not just neighbour, but is a proxy. Can
> somebody advice me how to do it? Or maybe the whole idea is not good at all,
> if so - please tell me why.

Apparently, ip utility requires some modifications as well.


However, it is necessary to preserve compatibility with older ip utility,
which could be confused seeing proxy entries in the same stream.


I see two variants:

1. On request to list proxy entries, ip utility could send request containing
   full ndmsg with NTF_PROXY set in ndm_flags. When kernel sees request without NTF_PROXY,
   it dumps normal neighbor table. When it sees NTF_PROXY, it dumps proxy table instead.

   From user viewpoint, "ip neigh list ..." works as usual, "ip neigh list proxy ..." will list
   proxy entries.

2. Adding RTM_*PNEIGH and the whole new set of "ip pneigh ..." commands.
   Logically, I would prefer this solution and, unless I was lazy 10 years ago, I would
   go this way. Unfortunately, this will break compatibility with existing
   "ip neigh add/del proxy ...", so that the kludge to intercept NTF_PROXY command in RTM_*NEIGH
   is still required and the solution loses half of its beauty.

So, seems #1 looks better.

Alexey
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ