lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Sat, 5 Dec 2020 13:49:51 -0800
From:   Jakub Kicinski <kuba@...nel.org>
To:     Stephen Suryaputra <ssuryaextr@...il.com>
Cc:     David Ahern <dsahern@...il.com>, netdev@...r.kernel.org
Subject: Re: [PATCH net] vrf: packets with lladdr src needs dst at input
 with orig_iif when needs strict

On Fri, 4 Dec 2020 19:22:27 -0500 Stephen Suryaputra wrote:
> On Fri, Dec 04, 2020 at 03:37:48PM -0800, Jakub Kicinski wrote:
> > On Fri, 4 Dec 2020 09:32:04 -0700 David Ahern wrote:  
> > > On 12/3/20 8:06 PM, Stephen Suryaputra wrote:  
> > > > Depending on the order of the routes to fe80::/64 are installed on the
> > > > VRF table, the NS for the source link-local address of the originator
> > > > might be sent to the wrong interface.
> > > > 
> > > > This patch ensures that packets with link-local addr source is doing a
> > > > lookup with the orig_iif when the destination addr indicates that it
> > > > is strict.
> > > > 
> > > > Add the reproducer as a use case in self test script fcnal-test.sh.
> > > > 
> > > > Signed-off-by: Stephen Suryaputra <ssuryaextr@...il.com>
> > > > ---
> > > >  drivers/net/vrf.c                         | 10 ++-
> > > >  tools/testing/selftests/net/fcnal-test.sh | 95 +++++++++++++++++++++++
> > > >  2 files changed, 103 insertions(+), 2 deletions(-)  
> > > 
> > > Reviewed-by: David Ahern <dsahern@...nel.org>  
> > 
> > Should I put something like:
> > 
> > Fixes: b4869aa2f881 ("net: vrf: ipv6 support for local traffic to local addresses")
> > 
> > on this?  
> 
> I was conflicted when I was about to put Fixes tag on this patch because
> it could either be b4869aa2f881 that you mentioned above, or 6f12fa7755301
> ("vrf: mark skb for multicast or link-local as enslaved to VRF"). So, I
> decided not to put it, but may be I should so that this is qualified to
> be queued to stable?

Yeah, probably doesn't matter that much in practice. Either one would
work, since the patch won't apply without 6f12fa7755301.

I added the one I mentioned and applied to net.

Thanks!

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ