| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 25 Aug 2015 13:47:59 -0700 (PDT) From: David Miller <davem@...emloft.net> To: dsa@...ulusnetworks.com Cc: tgraf@...g.ch, netdev@...r.kernel.org, shm@...ulusnetworks.com Subject: Re: [PATCH net-next] inetpeer: Add support for VRFs From: David Ahern <dsa@...ulusnetworks.com> Date: Sun, 23 Aug 2015 20:01:34 -0600 > On 8/23/15 6:15 PM, Thomas Graf wrote: >> On 08/23/15 at 08:26am, David Ahern wrote: >>> inetpeer caches based on address only, so duplicate IP addresses >>> within >>> a namespace return the same cached entry. Similar to IP fragments >>> handle >>> duplicate addresses across VRFs by adding the VRF master device index >>> to >>> the lookup. >> >> We have a lot of other places which use the address only. Are you >> going to add the VRF id to all these places as well? >> > > If appropriate, yes. I have fixed IP fragments and this patch fixes > inetpeer cache. In both cases (L3 artifacts) the vrf device index > provides the means to uniquely identify duplicate IP addresses within > a namespace. If you know of other code that might be impacted I will > investigate and fix as needed. Anyways, what this inetpeer patch is doing is the wrong abstraction. The key is really "daddr + netdev" so make a helper that works using those arguments. Then it is clear as we propagate this around that addresses need to be coupled with the device in question in order to be keyed properly. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists