| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 22 Nov 2015 10:30:32 -0700
From: David Ahern <dsa@...ulusnetworks.com>
To: David Miller <davem@...emloft.net>
Cc: netdev@...r.kernel.org
Subject: Re: [PATCH net-next 1/2] net: l3mdev: Add master device lookup by
index
On 11/22/15 10:23 AM, David Miller wrote:
> From: David Ahern <dsa@...ulusnetworks.com>
> Date: Thu, 19 Nov 2015 12:32:00 -0800
>
>> Add helper to lookup master index given a device index.
>>
>> Signed-off-by: David Ahern <dsa@...ulusnetworks.com>
>
> I don't like where this is going.
>
> sk->sk_bound_dev_if is for device bindings which the user has
> explicitly asked for.
>
> We should never, therefore, automatically set it without the user's
> consent.
In this case the user is running a daemon (bgpd) where a single instance
works across all VRFs. The listen socket is not bound to a device, so
this does not override what the user ask for. Child sockets are then
bound to the VRF device the connection originates over, so it narrows
the scope of accepted connections to a single VRF.
If you look at the change, e.g.,:
ireq->ir_iif = sk->sk_bound_dev_if ? :
l3mdev_master_ifindex_by_index(sock_net(sk), skb->skb_iif);
It keeps user requested sk_bound_dev_if if it is set. If not, applies
the limited scope of a VRF device if the skb originated on a device
enslaved to a VRF device.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists