lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Mon, 10 Jun 2019 23:53:15 +0200
From:   Stefano Brivio <sbrivio@...hat.com>
To:     David Ahern <dsahern@...il.com>
Cc:     David Miller <davem@...emloft.net>, Jianlin Shi <jishi@...hat.com>,
        Wei Wang <weiwan@...gle.com>, Martin KaFai Lau <kafai@...com>,
        Eric Dumazet <edumazet@...gle.com>,
        Matti Vaittinen <matti.vaittinen@...rohmeurope.com>,
        netdev@...r.kernel.org
Subject: Re: [PATCH net v3 0/2] ipv6: Fix listing and flushing of cached
 route exceptions

On Mon, 10 Jun 2019 15:38:06 -0600
David Ahern <dsahern@...il.com> wrote:

> On 6/8/19 12:12 PM, Stefano Brivio wrote:
> > The commands 'ip -6 route list cache' and 'ip -6 route flush cache'
> > don't work at all after route exceptions have been moved to a separate
> > hash table in commit 2b760fcf5cfb ("ipv6: hook up exception table to store
> > dst cache"). Fix that.  
> 
> The breakage is the limited ability to remove exceptions. Yes, you can
> delete a v6 exception route if you know it exists. Without the ability
> to list them, you have to guess.
> 
> The ability to list exceptions was deleted 2 years ago with 4.15. So far
> no one has complained that exceptions do not show up in route dumps.

I am doing it right now...

> Rather than perturb the system again and worse with different behaviors,

Well, I'm just trying to restore the behaviour before 2b760fcf5cfb
it's not "different".

I don't think 2b760fcf5cfb intended to break iproute2 like that.

> in dot releases of stable trees, I think it would be better to converge
> on consistent behavior between v4 and v6. By that I mean without the
> CLONED flag, no exceptions are returned (default FIB dump). With the
> CLONED flag only exceptions are returned.

Again, this needs a change in iproute2, because RTM_F_CLONED is *not*
passed on 'flush'. And sure, let's *also* do that, but not everybody
runs recent versions of iproute2.

-- 
Stefano

Powered by blists - more mailing lists