lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Fri, 25 Mar 2022 08:13:55 -0600
From:   David Ahern <dsahern@...il.com>
To:     Stephen Suryaputra <ssuryaextr@...il.com>, netdev@...r.kernel.org,
        rshearma@...tta.att-mail.com, mmanning@...tta.att-mail.com
Subject: Re: Matching unbound sockets for VRF

On 3/24/22 11:19 AM, Stephen Suryaputra wrote:
> Hello,
> 
> After upgrading to a kernel version that has commit 3c82a21f4320c ("net:
> allow binding socket in a VRF when there's an unbound socket") several
> of our applications don't work anymore. We are relying on the previous
> behavior, i.e. when packets arrive on an l3mdev enslaved device, the
> unbound sockets are matched.
> 
> I understand the use case for the commit but given that the previous
> behavior has been there for quite some time since the VRF introduction,
> should there be a configurable option to get the previous behavior? The
> option could be having the default be the behavior achieved by the
> commit.
> 

I thought the behavior was controlled by the l3mdev sysctl knobs.

Powered by blists - more mailing lists