lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Tue, 08 Apr 2014 16:43:56 -0400 (EDT) From: David Miller <davem@...emloft.net> To: xiyou.wangcong@...il.com Cc: netdev@...r.kernel.org, ebiederm@...ssion.com, ja@....bg, cwang@...pensource.com Subject: Re: [Patch net] ipv4: fib: check forwarding before checking send_redirects From: Cong Wang <xiyou.wangcong@...il.com> Date: Tue, 8 Apr 2014 12:31:22 -0700 > From: Cong Wang <cwang@...pensource.com> > > We have seen in a weird case we had to disable send_redirects in order > to pass rp filter check even though we don't set forwarding at all. > This looks wrong, at least according to ip-sysctl.txt send_redirects should > only make sense when we enable forwarding. > > Cc: Eric Biederman <ebiederm@...ssion.com> > Cc: Julian Anastasov <ja@....bg> > Cc: David S. Miller <davem@...emloft.net> > Signed-off-by: Cong Wang <xiyou.wangcong@...il.com> > Signed-off-by: Cong Wang <cwang@...pensource.com> I'm not so sure about this. This test here is just an optimization, which bypasses the long path processing of FIB source address validation if certain strict conditions are met. __fib_validate_source() should do the right thing if it is executed, it is just the slow path, and you should determine why it is rejecting your traffic instead. Your change is a valid optimization perhaps, but not a bug fix. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists