lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-Id: <20150825.134759.1592811364914291771.davem@davemloft.net>
Date:	Tue, 25 Aug 2015 13:47:59 -0700 (PDT)
From:	David Miller <davem@...emloft.net>
To:	dsa@...ulusnetworks.com
Cc:	tgraf@...g.ch, netdev@...r.kernel.org, shm@...ulusnetworks.com
Subject: Re: [PATCH net-next] inetpeer: Add support for VRFs

From: David Ahern <dsa@...ulusnetworks.com>
Date: Sun, 23 Aug 2015 20:01:34 -0600

> On 8/23/15 6:15 PM, Thomas Graf wrote:
>> On 08/23/15 at 08:26am, David Ahern wrote:
>>> inetpeer caches based on address only, so duplicate IP addresses
>>> within
>>> a namespace return the same cached entry. Similar to IP fragments
>>> handle
>>> duplicate addresses across VRFs by adding the VRF master device index
>>> to
>>> the lookup.
>>
>> We have a lot of other places which use the address only. Are you
>> going to add the VRF id to all these places as well?
>>
> 
> If appropriate, yes. I have fixed IP fragments and this patch fixes
> inetpeer cache. In both cases (L3 artifacts) the vrf device index
> provides the means to uniquely identify duplicate IP addresses within
> a namespace. If you know of other code that might be impacted I will
> investigate and fix as needed.

Anyways, what this inetpeer patch is doing is the wrong abstraction.

The key is really "daddr + netdev" so make a helper that works using
those arguments.

Then it is clear as we propagate this around that addresses need to
be coupled with the device in question in order to be keyed properly.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ