| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 2 Dec 2016 14:51:57 +0200 From: Saku Ytti <saku@...i.fi> To: netdev@...r.kernel.org Subject: arp_filter and IPv6 ND Hey, net.ipv4.conf.all.arp_filter appears not to have IPv6 counter part. Or am I missing something? That is Linux does answer to ND queries for unrelated interfaces by default, and I can't seem to find way to turn that off. Is it proper maintainership to accept changes to single protocol, without mandating the support for other protocol having same behavioural characteristics? It is good that some parts for ARP and ND have common code in linux (neighbour.c) unlike in BSD where everything seems to be self-contained. I'd wish that even more of ARP/ND would common, because there are still lot of common behavioural code in ARP/ND code itself, which requires double maintenance and are implemented by different people at different times, so leads to different set of bugs and behaviour for same intended behaviour. For example this feature should be protocol agnostic, developer should only need to develop it once for the higher level behavioural code, without minding which IP AFI it is for. Obviously that does not exclude ability to sysctl configure it on/off per AFI. Thanks! -- ++ytti
Powered by blists - more mailing lists