| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 20 Apr 2017 16:35:16 +0100 From: Robert Shearman <rshearma@...cade.com> To: David Ahern <dsa@...ulusnetworks.com>, <davem@...emloft.net> CC: <netdev@...r.kernel.org> Subject: Re: [PATCH net] ipv4: Avoid caching dsts when lookup skipped nh oif check On 20/04/17 16:16, David Ahern wrote: > On 4/20/17 9:05 AM, Robert Shearman wrote: >> The key thing I think is the ip rules: >> >> $ ip rule >> 0: from all lookup local >> 1000: from all lookup [l3mdev-table] >> 32766: from all lookup main >> 32767: from all lookup default >> >> Maybe you have the local rule moved down at startup? > > yes that would be a problem. With this test the 127.0.0.1 lookup is > matching on the wrong table: > > perf probe fib_table_lookup%return ret=%ax > perf record -e fib:*,probe:* -a -- ping -c1 -w1 -I red 127.0.0.1 > ... > perf script > ... > Table 255 is the wrong table. That is the ultimate problem here. > The table used for the lookup could be retrieved from the oif, but the check I introduced would still be required to cope with the unusual, but not disallowed, case of two VRF master devices referring to the same table. Thanks, Rob
Powered by blists - more mailing lists