| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 11 Apr 2014 16:44:27 -0400 (EDT) From: David Miller <davem@...emloft.net> To: lorenzo@...gle.com Cc: netdev@...r.kernel.org, hannes@...essinduktion.org, wangyufen@...wei.com Subject: Re: [PATCH net] net: ipv6: Fix oif in TCP SYN+ACK route lookup. From: Lorenzo Colitti <lorenzo@...gle.com> Date: Fri, 11 Apr 2014 13:19:12 +0900 > net-next commit 9c76a11, ipv6: tcp_ipv6 policy route issue, had > a boolean logic error that caused incorrect behaviour for TCP > SYN+ACK when oif-based rules are in use. Specifically: > > 1. If a SYN comes in from a global address, and sk_bound_dev_if > is not set, the routing lookup has oif set to the interface > the SYN came in on. Instead, it should have oif unset, > because for global addresses, the incoming interface doesn't > necessarily have any bearing on the interface the SYN+ACK is > sent out on. > 2. If a SYN comes in from a link-local address, and > sk_bound_dev_if is set, the routing lookup has oif set to the > interface the SYN came in on. Instead, it should have oif set > to sk_bound_dev_if, because that's what the application > requested. > > Signed-off-by: Lorenzo Colitti <lorenzo@...gle.com> Applied, thank you. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists