| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <7e6fda9a-2585-772d-b3d9-9a796e79dbe1@gmail.com> Date: Tue, 6 Mar 2018 11:32:59 -0700 From: David Ahern <dsahern@...il.com> To: Ido Schimmel <idosch@...sch.org> Cc: netdev@...r.kernel.org Subject: Re: [PATCH v2 net-next 2/5] net/ipv6: Address checks need to consider the L3 domain On 3/6/18 8:01 AM, Ido Schimmel wrote: > On Mon, Mar 05, 2018 at 01:34:03PM -0800, David Ahern wrote: >> ipv6_chk_addr_and_flags determines if an address is a local address. It >> is called by ip6_route_info_create to validate a gateway address is not a >> local address. It currently does not consider L3 domains and as a result >> does not allow a route to be added in one VRF if the nexthop points to >> an address in a second VRF. e.g., >> >> $ ip route add 2001:db8:1::/64 vrf r2 via 2001:db8:102::23 >> Error: Invalid gateway address. >> >> where 2001:db8:102::23 is an address on an interface in vrf r1. >> >> Resolve by comparing the l3mdev for the passed in device and requiring an >> l3mdev match with the device containing an address. The intent of checking >> for an address on the specified device versus any device in the domain is >> mantained by a new argument to skip the check between the passed in device >> and the device with the address. >> >> Update the handful of users of ipv6_chk_addr with a NULL dev argument: > > I see at least two callers from net/sctp/ipv6.c that pass a NULL > argument, which means they only want an address check, but you pass > 'false' to 'skip_dev_check'. right. I think ipv6_chk_addr should be passing dev == NULL for the skip_dev_check. Thanks for the review
Powered by blists - more mailing lists