Date:	Tue, 16 Feb 2016 20:45:58 -0700
From:	David Ahern <dsa@...ulusnetworks.com>
To:	YOSHIFUJI Hideaki <hideaki.yoshifuji@...aclelinux.com>,
	netdev@...r.kernel.org
Cc:	hannes@...essinduktion.org
Subject: Re: [PATCH] net: ipv6: Make address flushing on ifdown optional

On 2/16/16 7:10 PM, YOSHIFUJI Hideaki wrote:
> Hi,
> 
> David Ahern wrote:
>> On 2/16/16 1:45 AM, YOSHIFUJI Hideaki wrote:
>>>> diff --git a/Documentation/networking/ip-sysctl.txt b/Documentation/networking/ip-sysctl.txt
>>>> index 24ce97f42d35..7ddbbb67f0db 100644
>>>> --- a/Documentation/networking/ip-sysctl.txt
>>>> +++ b/Documentation/networking/ip-sysctl.txt
>>>> @@ -1563,6 +1563,12 @@ temp_prefered_lft - INTEGER
>>>>    	Preferred lifetime (in seconds) for temporary addresses.
>>>>    	Default: 86400 (1 day)
>>>>    
>>>> +keep_addr_on_down - BOOLEAN
>>>> +	Keep all IPv6 addresses on an interface down event. If set static
>>>> +	global addresses with no expiration time are not flushed.
>>>> +
>>>> +	Default: disabled
>>>> +
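
Review bot: The two sentences of the added keep_addr_on_down entry disagree on scope: the first says all IPv6 addresses are kept on an interface down event, the second says only static global addresses with no expiration time are not flushed. State the scope once, for example "If set, static global addresses with no expiration time are not flushed when the interface goes down", and say what happens to the other addresses. The entry is typed BOOLEAN with "Default: disabled" but does not give the accepted values or say how the conf/all setting relates to the per-interface one; both belong in this text.
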
>>>
>>> How about this:
>>>      1: enabled
>>>      0: system default
>>>     -1: disabled
>>> so that an interface can override system-wide config?
>>
>> It is my understanding that the 'all' settings override the individual
>> interface settings. From Documentation/networking/ip-sysctl.txt +1346:
>>
>> conf/all/*:
>>          Change all the interface-specific settings.
> 
> Well, the document is not correct.
> 1) Some of "all" variables set all interface specific settings.
> 2) Some of "all" variables override interface specific settings.
> 3) Some provide "fall-back" values; such an interface specific
>     setting overrides the corresponding "all" variable.
>     (Note: "default" variables are values per-interface settings
>     are initialized to.)
> 4) Others are ignored (they exist but are no-ops).

Seems like a nightmare for an admin to understand which ones fall into
which category.

I really don't have a preference here beyond having the feature and
making it easy to enable (e.g., enable 'all' and it works for all). If
you want the 1/0/-1 trio and allow individual netdev settings to
override all then I will update the patch.

Thanks,
David
