lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20151016093945.54a6a7aa@griffin>
Date:	Fri, 16 Oct 2015 09:39:45 +0200
From:	Jiri Benc <jbenc@...hat.com>
To:	David Miller <davem@...emloft.net>
Cc:	netdev@...r.kernel.org, tgraf@...g.ch
Subject: Re: [RFC PATCH net-next 0/9] netlink: strict attribute checking
 option

On Thu, 15 Oct 2015 23:50:07 -0700 (PDT), David Miller wrote:
> Although we are probably stuck with this, it was probably a bad idea
> to have this behavior as the default.

I agree. But we have what we have.

> Better would have been to always error on unrecognized attributes, and
> in the ACK give some indication of which attribute was problematic.

Should I try to extend the patches to return such information back to
the user? It would mean more intrusiveness, as there's no space in ack
to store such information (it would have been better to use attributes
even in the error responses instead of a fixed structure...).

> But anyhow we are stuck with what we have.  However, I will say I am
> disappointed that it is so hard to simply detect that lwtunnel support
> is present, which as I understand is what this patch set is trying to
> accomplish.

Yes, main motivation is lwtunnel support. However, I'd say this is
useful outside of it, too.

> And this is quite an intrusive patch series, and therefore not
> suitable for -stable backports.  And that's exactly where you actually
> are going to need these changes right?  Older kernels that lack
> lwtunnel support.

I'm targeting net-next only and don't intend to bring this to older
kernels. The patchset is designed in the way that it's possible to
detect that the kernel does not support strict attribute checking. When
this is detected, the tools will just assume that lwtunnel support is
not there. That's completely okay, it will just mean that the 4.3
kernel will be treated as not having lwtunnel support; everything will
work correctly, including openvswitch (which will use its compat code).

 Jiri

-- 
Jiri Benc
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ