| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20140411131941.GN27255@order.stressinduktion.org> Date: Fri, 11 Apr 2014 15:19:41 +0200 From: Hannes Frederic Sowa <hannes@...essinduktion.org> To: Lorenzo Colitti <lorenzo@...gle.com> Cc: netdev@...r.kernel.org, davem@...emloft.net, wangyufen@...wei.com Subject: Re: [PATCH net] net: ipv6: Fix oif in TCP SYN+ACK route lookup. On Fri, Apr 11, 2014 at 01:19:12PM +0900, Lorenzo Colitti wrote: > net-next commit 9c76a11, ipv6: tcp_ipv6 policy route issue, had > a boolean logic error that caused incorrect behaviour for TCP > SYN+ACK when oif-based rules are in use. Specifically: > > 1. If a SYN comes in from a global address, and sk_bound_dev_if > is not set, the routing lookup has oif set to the interface > the SYN came in on. Instead, it should have oif unset, > because for global addresses, the incoming interface doesn't > necessarily have any bearing on the interface the SYN+ACK is > sent out on. > 2. If a SYN comes in from a link-local address, and > sk_bound_dev_if is set, the routing lookup has oif set to the > interface the SYN came in on. Instead, it should have oif set > to sk_bound_dev_if, because that's what the application > requested. > > Signed-off-by: Lorenzo Colitti <lorenzo@...gle.com> Acked-by: Hannes Frederic Sowa <hannes@...essinduktion.org> Thanks, Hannes -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists