lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Wed, 17 Apr 2019 23:19:20 -0700 (PDT)
From:   David Miller <davem@...emloft.net>
To:     dsahern@...nel.org
Cc:     netdev@...r.kernel.org, roopa@...ulusnetworks.com,
        dsahern@...il.com
Subject: Re: [PATCH net-next] net ipv6: Prevent neighbor add if protocol is
 disabled on device

From: David Ahern <dsahern@...nel.org>
Date: Tue, 16 Apr 2019 17:31:43 -0700

> From: David Ahern <dsahern@...il.com>
> 
> Disabling IPv6 on an interface removes existing entries but nothing prevents
> new entries from being manually added. To that end, add a new neigh_table
> operation, allow_add, that is called on RTM_NEWNEIGH to see if neighbor
> entries are allowed on a given device. If IPv6 is disabled on the device,
> allow_add returns false and passes a message back to the user via extack.
> 
>   $ echo 1 > /proc/sys/net/ipv6/conf/eth1/disable_ipv6
>   $ ip -6 neigh add fe80::4c88:bff:fe21:2704 dev eth1 lladdr de:ad:be:ef:01:01
>   Error: IPv6 is disabled on this device.
> 
> Signed-off-by: David Ahern <dsahern@...il.com>

Also applied, thanks.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ