Date:   Fri, 29 May 2020 16:42:27 -0700 (PDT)
From:   David Miller <>
Subject: Re: [PATCH net-next] vxlan: remove fdb when out interface is

From: Taehee Yoo <>
Date: Wed, 27 May 2020 16:29:50 +0000

> vxlan fdb can have NDA_IFINDEX, which indicates an out interface.
> If the interface is removed, that fdb will not work.
> So, when interface is removed, vxlan's fdb can be removed.
> Test commands:
>     ip link add dummy0 type dummy
>     ip link add vxlan0 type vxlan vni 1000
>     bridge fdb add 11:22:33:44:55:66 dst dev vxlan0 via dummy0 self
>     ip link del dummy0
> Before this patch, fdbs will not be removed.
> Result:
>     bridge fdb show dev vxlan0
> 11:22:33:44:55:66 dst via if10 self permanent
> 'if10' indicates 'dummy0' interface index.
> But the dummy0 interface was removed so this fdb will not work.
> Signed-off-by: Taehee Yoo <>

But if someone adds an interface afterwards with ifindex 10 that FDB
entry will start using it.

I don't know how desirable that is, but if someone is depending upon
that behavior now this change will break things for them.
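
An added example, not part of the thread or of the patch under discussion: a shell helper that reads saved `bridge fdb show` output and reports entries whose `via` device appears as the unresolved `ifN` placeholder, and whether that index is still absent or has since been taken by another interface (the reuse case raised in the reply). The function names, the status words and the sample lines, including the `dst` addresses, are constructed for illustration.

```shell
#!/bin/sh
# stale_fdb_vias: stdin  = output of `bridge fdb show dev <vxlan>` captured earlier
#                 args   = ifindex values that exist on the host right now
# Prints "<mac> <ifindex> dangling" when no interface holds the index, or
# "<mac> <ifindex> reused" when some interface now holds it, in which case the
# fdb entry would forward through that interface.
stale_fdb_vias() {
    live=" $* "
    awk -v live="$live" '
    {
        for (i = 1; i < NF; i++) {
            # "ifN" after "via" means the index had no name at capture time
            if ($i == "via" && $(i + 1) ~ /^if[0-9]+$/) {
                idx = substr($(i + 1), 3)
                state = (index(live, " " idx " ") == 0) ? "dangling" : "reused"
                print $1, idx, state
            }
        }
    }'
}

# Current ifindex values, one per interface, as exposed by sysfs.
live_ifindexes() {
    cat /sys/class/net/*/ifindex 2>/dev/null | tr '\n' ' '
}

# Constructed sample listing (addresses are documentation-range placeholders).
sample_fdb() {
    cat <<'EOF'
11:22:33:44:55:66 dst 192.0.2.1 via if10 self permanent
aa:bb:cc:dd:ee:01 dst 192.0.2.2 via dummy1 self permanent
00:00:00:00:00:00 dst 192.0.2.3 self permanent
EOF
}

# On a real host:
#   bridge fdb show dev vxlan0 > fdb.snapshot
#   stale_fdb_vias $(live_ifindexes) < fdb.snapshot
```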
