lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20130918013903.GC8947@order.stressinduktion.org>
Date:	Wed, 18 Sep 2013 03:39:03 +0200
From:	Hannes Frederic Sowa <hannes@...essinduktion.org>
To:	David Miller <davem@...emloft.net>
Cc:	duanj.fnst@...fujitsu.com, netdev@...r.kernel.org
Subject: Re: [PATCH v2 6/6] ipv6: Do route updating for redirect in ndisc layer

On Tue, Sep 17, 2013 at 08:29:36PM -0400, David Miller wrote:
> From: Duan Jiong <duanj.fnst@...fujitsu.com>
> Date: Fri, 13 Sep 2013 11:03:07 +0800
> 
> > From: Duan Jiong <duanj.fnst@...fujitsu.com>
> > 
> > Do the whole verification and route updating in ndisc
> > lay and then just call into icmpv6_notify() to notify
> > the upper protocols.
> > 
> > Signed-off-by: Duan Jiong <duanj.fnst@...fujitsu.com>
> 
> This is completely broken, and I believe your patch set fundamentally
> is too.
> 
> We absolutely _must_ handle the redirect at the socket level when
> we are able to, otherwise we cannot specify the mark properly and
> the mark is an essential part of the key used to find the correct
> route to work with.
> 
> I am not applying this patch series until you deal with this
> deficiency.  I am not willing to consider changes which stop using the
> more precise keying information available from a socket.

Oh, Duan, I am very sorry for not catching this earlier. We use the
sk->mark to select the proper routing table where we clone the rt6_info into.
And we only get that value out of the sockets. I missed that. We should leave
the redirect logic in the socket layer where it is possible.

But parts of this series are still valid. We need to fix redirects for tunnels
and I do think we can still simplify some code in the error handlers.

Thanks for pointing this out,

  Hannes

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ