| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <af061e97-2d85-63d8-9d20-b6b47aede2c4@gmail.com> Date: Wed, 7 Nov 2018 12:06:24 -0700 From: David Ahern <dsahern@...il.com> To: Mike Manning <mmanning@...tta.att-mail.com>, netdev@...r.kernel.org Cc: Robert Shearman <rshearma@...tta.att-mail.com> Subject: Re: [PATCH net-next v5 1/9] net: allow binding socket in a VRF when there's an unbound socket On 11/7/18 8:36 AM, Mike Manning wrote: > From: Robert Shearman <rshearma@...tta.att-mail.com> > > Change the inet socket lookup to avoid packets arriving on a device > enslaved to an l3mdev from matching unbound sockets by removing the > wildcard for non sk_bound_dev_if and instead relying on check against > the secondary device index, which will be 0 when the input device is > not enslaved to an l3mdev and so match against an unbound socket and > not match when the input device is enslaved. > > Change the socket binding to take the l3mdev into account to allow an > unbound socket to not conflict sockets bound to an l3mdev given the > datapath isolation now guaranteed. > > Signed-off-by: Robert Shearman <rshearma@...tta.att-mail.com> > Signed-off-by: Mike Manning <mmanning@...tta.att-mail.com> > --- > Documentation/networking/vrf.txt | 9 +++++---- > include/net/inet6_hashtables.h | 5 ++--- > include/net/inet_hashtables.h | 13 ++++++------- > include/net/inet_sock.h | 13 +++++++++++++ > net/ipv4/inet_connection_sock.c | 13 ++++++++++--- > net/ipv4/inet_hashtables.c | 20 +++++++++++++++----- > 6 files changed, 51 insertions(+), 22 deletions(-) Reviewed-by: David Ahern <dsahern@...il.com> Tested-by: David Ahern <dsahern@...il.com>
Powered by blists - more mailing lists