lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Fri, 22 Aug 2014 23:07:42 +0300 (EEST) From: Julian Anastasov <ja@....bg> To: Sébastien Barré <sebastien.barre@...ouvain.be> cc: David Miller <davem@...emloft.net>, netdev@...r.kernel.org, Gregory Detal <gregory.detal@...ouvain.be>, Christoph Paasch <christoph.paasch@...ouvain.be>, Hannes Frederic Sowa <hannes@...hat.com>, Sergei Shtylyov <sergei.shtylyov@...entembedded.com> Subject: Re: [PATCH net-next v2] ipv4: Restore accept_local behaviour in fib_validate_source() Hello, On Sun, 17 Aug 2014, Sébastien Barré wrote: > Commit 7a9bc9b81a5b ("ipv4: Elide fib_validate_source() completely when possible.") > introduced a short-circuit to avoid calling fib_validate_source when not > needed. That change took rp_filter into account, but not accept_local. > This resulted in a change of behaviour: with rp_filter and accept_local > off, incoming packets with a local address in the source field should be > dropped. > > Here is how to reproduce the change pre/post 7a9bc9b81a5b commit: > -configure the same IPv4 address on hosts A and B. > -try to send an ARP request from B to A. > -The ARP request will be dropped before that commit, but accepted and answered > after that commit. > > This adds a check for ACCEPT_LOCAL, to maintain full > fib validation in case it is 0. We also leave __fib_validate_source() earlier > when possible, based on the same check as fib_validate_source(), once the > accept_local stuff is verified. I remember there was related change for docs, may be commit c801e3cc1925e0 should be reverted ? > Cc: Gregory Detal <gregory.detal@...ouvain.be> > Cc: Christoph Paasch <christoph.paasch@...ouvain.be> > Cc: Hannes Frederic Sowa <hannes@...hat.com> > Cc: Sergei Shtylyov <sergei.shtylyov@...entembedded.com> > Signed-off-by: Sébastien Barré <sebastien.barre@...ouvain.be> Regards -- Julian Anastasov <ja@....bg>
Powered by blists - more mailing lists