Message-Id: <20150610.213246.909418500696941374.davem@davemloft.net>
Date:	Wed, 10 Jun 2015 21:32:46 -0700 (PDT)
From:	David Miller <davem@...emloft.net>
To:	gospo@...ulusnetworks.com
Cc:	sfeldma@...il.com, hideaki.yoshifuji@...aclelinux.com,
	netdev@...r.kernel.org, ddutt@...ulusnetworks.com,
	alexander.duyck@...il.com, hannes@...essinduktion.org,
	stephen@...workplumber.org
Subject: Re: [PATCH net-next 2/3 v3] net: ipv4 sysctl option to ignore
 routes when nexthop link is down

From: Andy Gospodarek <gospo@...ulusnetworks.com>
Date: Wed, 10 Jun 2015 23:36:21 -0400

> On Wed, Jun 10, 2015 at 08:00:14PM -0700, Scott Feldman wrote:
>> On Wed, Jun 10, 2015 at 7:57 PM, YOSHIFUJI Hideaki
>> <hideaki.yoshifuji@...aclelinux.com> wrote:
>> > Hi,
>> >
>> > Andy Gospodarek wrote:
>> >> This feature is only enabled with the new per-interface or ipv4 global
>> >> sysctls called 'ignore_routes_with_linkdown'.
>> >>
>> >> net.ipv4.conf.all.ignore_routes_with_linkdown = 0
>> >> net.ipv4.conf.default.ignore_routes_with_linkdown = 0
>> >> net.ipv4.conf.lo.ignore_routes_with_linkdown = 0
>> > :
>> >> Signed-off-by: Andy Gospodarek <gospo@...ulusnetworks.com>
>> >> Signed-off-by: Dinesh Dutt <ddutt@...ulusnetworks.com>
>> >> ---
>> > :
>> >> diff --git a/kernel/sysctl_binary.c b/kernel/sysctl_binary.c
>> >> index 7e7746a..c9d0a0e 100644
>> >> --- a/kernel/sysctl_binary.c
>> >> +++ b/kernel/sysctl_binary.c
>> >> @@ -253,6 +253,7 @@ static const struct bin_table bin_net_ipv4_conf_vars_table[] = {
>> >>       { CTL_INT,      NET_IPV4_CONF_NOPOLICY,                 "disable_policy" },
>> >>       { CTL_INT,      NET_IPV4_CONF_FORCE_IGMP_VERSION,       "force_igmp_version" },
>> >>       { CTL_INT,      NET_IPV4_CONF_PROMOTE_SECONDARIES,      "promote_secondaries" },
>> >> +     { CTL_INT,      NET_IPV4_CONF_IGNORE_ROUTES_WITH_LINKDOWN,      "ignore_routes_with_linkdown" },
>> >>       {}
>> >>  };
>> >>
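Review bot: The added { CTL_INT, NET_IPV4_CONF_IGNORE_ROUTES_WITH_LINKDOWN, "ignore_routes_with_linkdown" } entry extends bin_net_ipv4_conf_vars_table in kernel/sysctl_binary.c, the binary sysctl table, which should not gain new entries. The commit message already exposes the knob by name (net.ipv4.conf.all/default/lo.ignore_routes_with_linkdown), so nothing needs the binary mapping. Suggest dropping this hunk and keeping only the named sysctl.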
>> >
>> > Please do not add new binary sysctl knob. Thank you.
>> 
>> Reason?
> 
> I'll echo Scott's request here.  I realize that an abundance of them is
> bad, but (to me) this one seems useful.  Unless of course we want to
> make this proposed behavior the default.  :-)

Kernel wide, new binary sysctl's are verboten.

Everyone should be accessing sysctls via their name.

You have to remove this.
