lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Fri, 30 Jun 2023 13:51:25 +0200
From: Stefan Agner <stefan@...er.ch>
To: Eric Dumazet <edumazet@...gle.com>
Cc: davem@...emloft.net, dsahern@...nel.org, kuba@...nel.org,
 pabeni@...hat.com, netdev@...r.kernel.org, john.carr@...outed.co.uk,
 linux-kernel@...r.kernel.org
Subject: Re: [RFC PATCH] ipv6: add option to explicitly enable reachability
 test

Hi Eric,

On 2023-03-28 19:54, Eric Dumazet wrote:
> On Tue, Mar 28, 2023 at 5:39 PM Stefan Agner <stefan@...er.ch> wrote:
>>
>> Systems which act as host as well as router might prefer the host
>> behavior. Currently the kernel does not allow to use IPv6 forwarding
>> globally and at the same time use route reachability probing.
>>
>> Add a compile time flag to enable route reachability probe in any
>> case.
>>
>> Signed-off-by: Stefan Agner <stefan@...er.ch>
>> ---
>> My use case is a OpenThread device which at the same time can also act as a
>> client communicating with Thread devices. Thread Border routers use the Route
>> Information mechanism to publish routes with a lifetime of up to 1800s. If
>> one of the Thread Border router goes offline, the lack of reachability probing
>> currenlty leads to outages of up to 30 minutes.
>>
>> Not sure if the chosen method is acceptable. Maybe a runtime flag is preferred?
> 
> I guess so. Because distros would have to choose a compile option.
> 
> Not a new sysfs, only an IFLA_INET6_REACHABILITY_PROBE ?
>

Wouldn't that be a per interface config? From what I can tell currently
the reachability probing is disabled when IPv6 forwarding is enabled on
a global level only. So I'd need something which disables that behavior
on a global only as well.

--
Stefan

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ