Date:   Fri, 9 Jul 2021 18:21:23 +0200
From:   Guillaume Nault <gnault@...hat.com>
To:     David Ahern <dsahern@...il.com>
Cc:     Ido Schimmel <idosch@...sch.org>,
        David Miller <davem@...emloft.net>,
        Jakub Kicinski <kuba@...nel.org>, netdev@...r.kernel.org,
        Shuah Khan <shuah@...nel.org>, linux-kselftest@...r.kernel.org
Subject: Re: [PATCH net-next 1/4] selftests: forwarding: Test redirecting gre
 or ipip packets to Ethernet

On Wed, Jul 07, 2021 at 07:50:38PM -0600, David Ahern wrote:
> On 7/6/21 1:02 PM, Guillaume Nault wrote:
> > --- a/drivers/net/vxlan.c
> > +++ b/drivers/net/vxlan.c
> > @@ -3767,8 +3767,7 @@ static int vxlan_config_validate(struct net *src_net, struct vxlan_config *conf,
> >  		    (conf->flags & (VXLAN_F_RCV_FLAGS | VXLAN_F_IPV6)))
> >  			continue;
> >  
> > -		if ((conf->flags & VXLAN_F_IPV6_LINKLOCAL) &&
> > -		    tmp->cfg.remote_ifindex != conf->remote_ifindex)
> > +		if (tmp->cfg.remote_ifindex != conf->remote_ifindex)
> >  			continue;
> >  
> >  		NL_SET_ERR_MSG(extack,
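
Review bot: With the VXLAN_F_IPV6_LINKLOCAL test dropped from the `if` in vxlan_config_validate(), any two configs whose remote_ifindex differs now skip the NL_SET_ERR_MSG() conflict path, not only IPv6 link-local ones. That includes the case where one config has a remote_ifindex set and the other has none, assuming an unset index compares as a different value. The hunk only relaxes validation, so it should be submitted together with the change that makes the receive side select the device by remote_ifindex. The set-versus-unset case needs an explicit decision: either keep rejecting it here, or state in the commit message which device is expected to match.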
> 
> Looking at the vxlan driver and that restriction is unnecessary. While
> IPv6 LLA requires a device index, allowing separate LINK attributes is a
> legit use case - as VRF shows.

I believe there's more to do than just my quick hack patch. At least
vxlan_vs_find_vni() probably needs to be modified too. At which point
VXLAN_F_IPV6_LINKLOCAL would become essentially unused and should be
removed.

> Do you want to send a formal patch to fix this one since you have it
> diagnosed?

I'll work on that after net-next reopens. I might try to make bareudp
compatible with VRF too, if time allows. If I get at least VXLAN and
bareudp to work in a multi-VRF setup, then I'll rebase the selftests on
the VRF infrastructure (and just remove the tests for tunnels still
incompatible with this setup).
