| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 16 Mar 2018 11:29:32 -0400 (EDT) From: David Miller <davem@...hat.com> To: dsahern@...il.com Cc: netdev@...r.kernel.org, idosch@...sch.org Subject: Re: [PATCH v4 net-next 0/6] net/ipv6: Address checks need to consider the L3 domain From: David Ahern <dsahern@...il.com> Date: Tue, 13 Mar 2018 08:29:35 -0700 > IPv6 prohibits a local address from being used as a gateway for a route. > However, it is ok for the gateway to be a local address in a different L3 > domain (e.g., VRF). This allows, for example, veth pairs to connect VRFs. > > ip6_route_info_create calls ipv6_chk_addr_and_flags for gateway addresses > to determine if the address is a local one, but ipv6_chk_addr_and_flags > does not currently consider L3 domains. As a result routes can not be > added in one VRF with a nexthop that points to a local address in a > second VRF. > > Resolve by comparing the l3mdev for the passed in device and requiring an > l3mdev match with the device containing an address. The intent of checking > for an address on the specified device versus any device in the domain is > mantained by a new argument to skip the check between the passed in device > and the device with the address. ... Series applied, thanks David. I'd also like to echo Ido's sentiments on your commit log messages, their attention to detail made this series that much easier to review.
Powered by blists - more mailing lists