lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-Id: <20180115.165953.1129966159870806622.davem@davemloft.net>
Date:   Mon, 15 Jan 2018 16:59:53 -0500 (EST)
From:   David Miller <davem@...emloft.net>
To:     jwestfall@...realistic.net
Cc:     netdev@...r.kernel.org
Subject: Re: [PATCH v2 0/2] ipv4: Make neigh lookup keys for
 loopback/point-to-point devices be INADDR_ANY

From: Jim Westfall <jwestfall@...realistic.net>
Date: Mon, 15 Jan 2018 13:42:38 -0800

> David Miller <davem@...emloft.net> wrote [01.15.18]:
>> From: Jim Westfall <jwestfall@...realistic.net>
>> Date: Sun, 14 Jan 2018 04:18:49 -0800
>> 
>> > This used to be the previous behavior in older kernels but became broken in
>> > a263b3093641f (ipv4: Make neigh lookups directly in output packet path)
>> > and then later removed because it was broken in 0bb4087cbec0 (ipv4: Fix neigh
>> > lookup keying over loopback/point-to-point devices)
>> > 
>> > Not having this results in there being an arp entry for every remote ip
>> > address that the device talks to.  Given a fairly active device it can
>> > cause the arp table to become huge and/or having to add/purge large number
>> > of entires to keep within table size thresholds.
>> ...
>> > v2: 
>> >  - fixes coding style issues
>> 
>> Series applied and queued up for -stable, thank you.
> 
> Thanks for applying these.  We see the same type of behavior with ipv6  
> over point-to-point interfaces and I would like to fix these as well by 
> mapping all the ndisc_cache entries to in6addr_any.  However my knowledge 
> of ndisc is limited and I'm unclear if its safe to assume ndisc, like 
> arp, would never exist on the point-to-point interface.

Ok, hopefully some ipv6 experts can chime in.

Thank you.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ