lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <20190821095844.me6kscvnfruinseu@salvia> Date: Wed, 21 Aug 2019 11:58:44 +0200 From: Pablo Neira Ayuso <pablo@...filter.org> To: Leonardo Bras <leonardo@...ux.ibm.com> Cc: Florian Westphal <fw@...len.de>, netfilter-devel@...r.kernel.org, coreteam@...filter.org, netdev@...r.kernel.org, linux-kernel@...r.kernel.org, Jozsef Kadlecsik <kadlec@...filter.org>, "David S. Miller" <davem@...emloft.net> Subject: Re: [PATCH 1/1] netfilter: nf_tables: fib: Drop IPV6 packages if IPv6 is disabled on boot On Tue, Aug 20, 2019 at 01:15:58PM -0300, Leonardo Bras wrote: > On Tue, 2019-08-20 at 07:36 +0200, Florian Westphal wrote: > > Wouldn't fib_netdev.c have the same problem? > Probably, but I haven't hit this issue yet. > > > If so, might be better to place this test in both > > nft_fib6_eval_type and nft_fib6_eval. > > I think that is possible, and not very hard to do. > > But in my humble viewpoint, it looks like it's nft_fib_inet_eval() and > nft_fib_netdev_eval() have the responsibility to choose a valid > protocol or drop the package. > I am not sure if it would be a good move to transfer this > responsibility to nft_fib6_eval_type() and nft_fib6_eval(), so I would > rather add the same test to nft_fib_netdev_eval(). > > Does it make sense? Please, update common code to netdev and ip6 extensions as Florian suggests. Thanks.
Powered by blists - more mailing lists