lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <a0b5d939-d4a5-42e9-ff23-635744636802@gmail.com>
Date:   Tue, 30 Nov 2021 08:12:56 -0700
From:   David Ahern <dsahern@...il.com>
To:     Ido Schimmel <idosch@...sch.org>,
        Alexander Mikhalitsyn <alexander.mikhalitsyn@...tuozzo.com>,
        roopa@...dia.com
Cc:     netdev@...r.kernel.org, David Miller <davem@...emloft.net>,
        Stephen Hemminger <stephen@...workplumber.org>,
        Ido Schimmel <idosch@...dia.com>,
        Jakub Kicinski <kuba@...nel.org>,
        Andrei Vagin <avagin@...il.com>,
        Pavel Tikhomirov <ptikhomirov@...tuozzo.com>,
        Alexander Mikhalitsyn <alexander@...alicyn.com>
Subject: Re: [PATCH net-next] rtnetlink: add RTNH_REJECT_MASK

On 11/30/21 3:28 AM, Ido Schimmel wrote:
>> diff --git a/ip/iproute.c b/ip/iproute.c
>> index 1447a5f78f49..0e6dad2b67e5 100644
>> --- a/ip/iproute.c
>> +++ b/ip/iproute.c
>> @@ -1632,6 +1632,8 @@ static int save_route(struct nlmsghdr *n, void *arg)
>>         if (!filter_nlmsg(n, tb, host_len))
>>                 return 0;
>>  
>> +       r->rtm_flags &= RTNH_F_ONLINK;
>> +
>>         ret = write(STDOUT_FILENO, n, n->nlmsg_len);
>>         if ((ret > 0) && (ret != n->nlmsg_len)) {
>>                 fprintf(stderr, "Short write while saving nlmsg\n");
>>
>> to filter out all flags *except* RTNH_F_ONLINK.
> 
> Yes
> 
>>
>> But what about discussion from
>> https://lore.kernel.org/netdev/ff405eae-21d9-35f4-1397-b6f9a29a57ff@nvidia.com/
>>
>> As far as I understand Roopa, we have to save at least RTNH_F_OFFLOAD flag too,
>> for instance, if user uses Cumulus and want to dump/restore routes.
>>
>> I'm sorry if I misunderstood something.
> 
> Roopa, do you see a problem with the above patch?
> 

The offload flag can be set from userspace but seems to me that should
only be done by the process that talks to hardware. Using iproute2 to
dump routes and then restore them should not set that flag.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ