| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 4 Oct 2017 06:58:37 +0300
From: Eyal Birger <eyal.birger@...il.com>
To: David Miller <davem@...emloft.net>
Cc: shmulik@...f.io, "netdev@...r.kernel.org" <netdev@...r.kernel.org>,
mateusz.bajorski@...ia.com, dsa@...ulusnetworks.com, tgraf@...g.ch,
Shmulik Ladkani <shmulik.ladkani@...il.com>
Subject: Re: [PATCH net] net: fib_rules: Fix fib_rules_ops->compare
implementations to support exact match
Hi David,
On Wed, Oct 4, 2017 at 12:54 AM, David Miller <davem@...emloft.net> wrote:
> From: Shmulik Ladkani <shmulik@...f.io>
> Date: Sat, 30 Sep 2017 11:59:09 +0300
>
>> This leads to inconsistencies, depending on order of operations, e.g.:
>
> I don't see any inconsistency. When you insert using NLM_F_EXCL the
> insertion fails if any existing rule matches or overlaps in any way
> with the keys in the new rule.
>
> Sorry I'm not going to apply this.
The inconsistency we saw is that 0.0.0.0/0 is treated differently compared to
all other subnets - for which overlaps are not disallowed - e.g. this succeeds:
# ip ru add from 10.0.0.0/8 iif eth2 pref 33 table 33
# ip ru add from 0.0.0.0/1 iif eth2 pref 33 table 33
# ip ru add from 128.0.0.0/1 iif eth2 pref 33 table 33
Though being functionally equivalent to adding from=0.0.0.0/0.
So our understanding was that 'different subnet==different rule', similar to the
route addition behavior with NLM_F_EXCL.
Best regards,
Eyal.
Powered by blists - more mailing lists