lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20201019201518.4a48ef1a@kicinski-fedora-pc1c0hjn.dhcp.thefacebook.com>
Date:   Mon, 19 Oct 2020 20:15:18 -0700
From:   Jakub Kicinski <kuba@...nel.org>
To:     David Ahern <dsahern@...il.com>
Cc:     Vincent Bernat <vincent@...nat.ch>,
        "David S. Miller" <davem@...emloft.net>,
        Jonathan Corbet <corbet@....net>, netdev@...r.kernel.org,
        Andy Gospodarek <gospo@...ulusnetworks.com>
Subject: Re: [PATCH net-next v1] net: evaluate
 net.conf.ipvX.all.ignore_routes_with_linkdown

On Mon, 19 Oct 2020 20:56:36 -0600 David Ahern wrote:
> On 10/19/20 6:53 PM, Jakub Kicinski wrote:
> > On Sat, 17 Oct 2020 14:50:11 +0200 Vincent Bernat wrote:  
> >> Introduced in 0eeb075fad73, the "ignore_routes_with_linkdown" sysctl
> >> ignores a route whose interface is down. It is provided as a
> >> per-interface sysctl. However, while a "all" variant is exposed, it
> >> was a noop since it was never evaluated. We use the usual "or" logic
> >> for this kind of sysctls.  
> >   
> >> Without this patch, the two last lines would fail on H1 (the one using
> >> the "all" sysctl). With the patch, everything succeeds as expected.
> >>
> >> Also document the sysctl in `ip-sysctl.rst`.
> >>
> >> Fixes: 0eeb075fad73 ("net: ipv4 sysctl option to ignore routes when nexthop link is down")
> >> Signed-off-by: Vincent Bernat <vincent@...nat.ch>  
> > 
> > I'm not hearing any objections, but I have two questions:
> >  - do you intend to merge it for 5.10 or 5.11? Because it has a fixes
> >    tag, yet it's marked for net-next. If we put it in 5.10 it may get
> >    pulled into stable immediately, knowing how things work lately.
> >  - we have other sysctls that use IN_DEV_CONF_GET(), 
> >    e.g. "proxy_arp_pvlan" should those also be converted?
> 
> The inconsistency with 'all' has been a major pain. In this case, I
> think it makes sense. Blindly changing all of them I suspect will lead
> to trouble. It is something reviewers should keep an eye on as sysctl
> settings get added.

Just saying.. if Vincent had the time to clean them all up _carefully_,
it'd be less likely we'll see another one added through copy & paste :)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ