Open Source and information security mailing list archives
 
Date:   Sat, 14 Jan 2023 12:23:32 -0500
From:   Xin Long <lucien.xin@...il.com>
To:     Jakub Kicinski <kuba@...nel.org>
Cc:     network dev <netdev@...r.kernel.org>, davem@...emloft.net,
        Eric Dumazet <edumazet@...gle.com>,
        Paolo Abeni <pabeni@...hat.com>, Jiri Pirko <jiri@...nulli.us>,
        Hideaki YOSHIFUJI <yoshfuji@...ux-ipv6.org>,
        David Ahern <dsahern@...nel.org>
Subject: Re: [PATCHv2 net 1/2] ipv6: prevent only DAD and RS sending for IFF_NO_ADDRCONF

On Sat, Jan 14, 2023 at 12:33 AM Jakub Kicinski <kuba@...nel.org> wrote:
>
> On Wed, 11 Jan 2023 19:41:56 -0500 Xin Long wrote:
> > So instead of preventing all the ipv6 addrconf, it makes more sense to
> > only prevent DAD and RS sending for the slave ports: Firstly, check
> > IFF_NO_ADDRCONF in addrconf_dad_completed() to prevent RS as it did in
> > commit b52e1cce31ca ("ipv6: Don't send rs packets to the interface of
> > ARPHRD_TUNNEL"), and then also check IFF_NO_ADDRCONF where IFA_F_NODAD
> > is checked to prevent DAD.
>
> Maybe it's because I'm not an ipv6 expert but it feels to me like we're
> getting into intricate / hacky territory. IIUC all addresses on legs of
> bond/team will silently get nodad behavior? Isn't that risky for a fix?
Understand.
I was actually thinking this would be less risky than completely disabling
ipv6 addrconf for IFF_NO_ADDRCONF.

>
> Could we instead revert 0aa64df30b38 and take this via net-next?
Fair enough.
I will send a revert of 0aa64df30b38.
Let's take a step back and think about doing it via net-next.

>
> Alternatively - could the team user space just tell the kernel what
> behavior it wants? Instead of always putting the flag up, like we did
> in 0aa64df30b3, do it only when the user space opts in?
Like when knowing nsna_ping link watch is used, but it is loaded after
the port is added in libteam, and yet the kernel has no idea what link
watch is used in userspace.
Jiri?

Thanks.
