Date:	Fri, 28 Mar 2014 09:11:37 +0800
From:	wangyufen <wangyufen@...wei.com>
To:	<davem@...emloft.net>, <netdev@...r.kernel.org>,
	Alexey Kuznetsov <kuznet@....inr.ac.ru>
Subject: Re: [PATCH net-next v3 2/2] net: tcp_ipv6 policy route issue

On 2014/3/27 13:32, Hannes Frederic Sowa wrote:
> On Thu, Mar 27, 2014 at 10:00:34AM +0800, wangyufen wrote:
>> On 2014/3/26 15:05, Hannes Frederic Sowa wrote:
>>> On Mon, Mar 24, 2014 at 02:25:22PM +0800, Wangyufen wrote:
>>>> From: Wang Yufen <wangyufen@...wei.com>
>>>>
>>>> The issue arises when adding a policy route that specifies a
>>>> particular NIC as oif: the policy route did not take effect. The
>>>> reason is that fl6.oif is not set and route map failed. From the
>>>> tcp_v6_send_response function, if the binding address is linklocal,
>>>> fl6.oif is set, but not for global address.
>>>>
>>>> Signed-off-by: Wang Yufen <wangyufen@...wei.com>
>>>
>>> Acked-by: Hannes Frederic Sowa <hannes@...essinduktion.org>
>>>
>>> But this looks like a bug to me, so maybe this is something for net
>>> inclusion.
>> I checked the commit log. I think the changes to ipv6 were incomplete in
>> commit 4c67525849e0b7f4bd4fab, which led to this issue.
>> In tcp_v6_send_response, fl6.oif can't be directly set to iif for global
>> address, but it should not be 0.
> 
> Actually, I wonder if
> 
> if (rt6_need_strict(&fl6.daddr) || !oif)
> 	fl6.flowi6_oif = inet6_iif(skb);
> else
> 	fl6.flowi6_oif = oif;
> 
> would be ok, too, and would ensure that errors with no sockets would
> reach their target with higher probability in case of policy routes.
> 
That would be better. I'll send v4 later.
> In routing code we don't do strict lookup unless either we have the
> indication by the socket (if available) or destination address is
> multicast, linklocal or loopback. Otherwise we only favour flowi6_oif
> interfaces.
> 
> Bye,
> 
>   Hannes
> 
> 
> 
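
The oif selection discussed in this thread, as an added userspace example (not code from the thread or from the kernel). `need_strict()` and `pick_flow_oif()` are hypothetical names; `need_strict()` approximates `rt6_need_strict()` using the three destination classes Hannes lists, and the addresses in `main()` are constructed samples.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>

/* Stand-in for rt6_need_strict(): true when the destination is
 * multicast, link-local or loopback, the classes for which the routing
 * code does a strict (interface-bound) lookup. */
static int need_strict(const struct in6_addr *daddr)
{
    return IN6_IS_ADDR_MULTICAST(daddr) ||
           IN6_IS_ADDR_LINKLOCAL(daddr) ||
           IN6_IS_ADDR_LOOPBACK(daddr);
}

/* Model of the proposed selection.
 * sk_oif: interface the socket is bound to, 0 if unbound or no socket.
 * iif:    interface the packet being answered arrived on.
 * Returns the ifindex for the flow's oif, or -1 on an unparsable address. */
int pick_flow_oif(const char *daddr_text, int sk_oif, int iif)
{
    struct in6_addr daddr;

    if (inet_pton(AF_INET6, daddr_text, &daddr) != 1)
        return -1;
    if (need_strict(&daddr) || !sk_oif)
        return iif;      /* never leaves oif at 0 when iif is known */
    return sk_oif;       /* global destination, bound socket */
}

int main(void)
{
    /* Constructed samples: destination, socket oif, incoming ifindex. */
    const struct { const char *dst; int oif, iif; } cases[] = {
        { "fe80::1",     3, 2 },  /* link-local: strict, use iif     */
        { "2001:db8::1", 3, 2 },  /* global, bound socket: use oif   */
        { "2001:db8::1", 0, 2 },  /* global, no socket: fall to iif  */
    };

    for (size_t i = 0; i < sizeof(cases) / sizeof(cases[0]); i++)
        printf("%-12s sk_oif=%d iif=%d -> flow oif %d\n",
               cases[i].dst, cases[i].oif, cases[i].iif,
               pick_flow_oif(cases[i].dst, cases[i].oif, cases[i].iif));
    return 0;
}
```

The third case is the one the thread is about: with a global destination and no socket, the flow's oif takes the incoming interface instead of staying 0, so a policy rule keyed on oif can match.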

