lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:	Wed, 24 Feb 2016 14:16:39 -0500 (EST)
From:	David Miller <davem@...emloft.net>
To:	dsa@...ulusnetworks.com
Cc:	netdev@...r.kernel.org, david@...nsourcerouting.org,
	equinox@...c24.net
Subject: Re: [PATCH net-next v2 2/2] net: l3mdev: prefer VRF master for
 source address selection

From: David Ahern <dsa@...ulusnetworks.com>
Date: Mon, 22 Feb 2016 10:23:51 -0800

> From: David Lamparter <equinox@...c24.net>
> 
> When selecting an address in context of a VRF, the vrf master should be
> preferred for address selection.  If it isn't, the user has a hard time
> getting the system to select to their preference - the code will pick
> the address off the first in-VRF interface it can find, which on a
> router could well be a non-routable address.
> 
> Signed-off-by: David Lamparter <equinox@...c24.net>
> Signed-off-by: David Ahern <dsa@...ulusnetworks.com>
> [dsa: Fixed comment style ]
> ---
> v2
> - Fixed comment per Dave's response
> 
>  net/ipv4/devinet.c | 18 ++++++++++++++++++
>  1 file changed, 18 insertions(+)
> 
> diff --git a/net/ipv4/devinet.c b/net/ipv4/devinet.c
> index 614904c29cbd..01119fbf3b30 100644
> --- a/net/ipv4/devinet.c
> +++ b/net/ipv4/devinet.c
> @@ -1217,6 +1217,24 @@ __be32 inet_select_addr(const struct net_device *dev, __be32 dst, int scope)
>  no_in_dev:
>  	master_idx = l3mdev_master_ifindex_rcu(dev);
>  
> +	/* For VRFs, the VRF device takes the place of the loopback device,
> +	 * with addresses on it being preferred.  Note in such cases the
> +	 * loopback device will be among the devices that fail the master_idx
> +	 * equality check in the loop below.
> +	 */
> +	if (master_idx &&
> +	    (dev = dev_get_by_index_rcu(net, master_idx)) &&
> +	    (in_dev = __in_dev_get_rcu(dev))) {
> +
> +		for_primary_ifa(in_dev) {

Please get rid of this empty line, and resubmit this series with a proper
"0/N" header posting explaining the high level purpose of this patch
series and what it is doing.

Thanks.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ