lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-Id: <20180316.112932.603588692693769640.davem@redhat.com>
Date:   Fri, 16 Mar 2018 11:29:32 -0400 (EDT)
From:   David Miller <davem@...hat.com>
To:     dsahern@...il.com
Cc:     netdev@...r.kernel.org, idosch@...sch.org
Subject: Re: [PATCH v4 net-next 0/6] net/ipv6: Address checks need to
 consider the L3 domain

From: David Ahern <dsahern@...il.com>
Date: Tue, 13 Mar 2018 08:29:35 -0700

> IPv6 prohibits a local address from being used as a gateway for a route.
> However, it is ok for the gateway to be a local address in a different L3
> domain (e.g., VRF). This allows, for example, veth pairs to connect VRFs.
> 
> ip6_route_info_create calls ipv6_chk_addr_and_flags for gateway addresses
> to determine if the address is a local one, but ipv6_chk_addr_and_flags
> does not currently consider L3 domains. As a result routes can not be
> added in one VRF with a nexthop that points to a local address in a
> second VRF.
> 
> Resolve by comparing the l3mdev for the passed in device and requiring an
> l3mdev match with the device containing an address. The intent of checking
> for an address on the specified device versus any device in the domain is
> mantained by a new argument to skip the check between the passed in device
> and the device with the address.
 ...

Series applied, thanks David.

I'd also like to echo Ido's sentiments on your commit log messages, their
attention to detail made this series that much easier to review.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ