Message-ID: <ZjnrtWZeVgsHyNhm@hog>
Date: Tue, 7 May 2024 10:52:05 +0200
From: Sabrina Dubroca <sd@...asysnail.net>
To: Antony Antony <antony@...nome.org>
Cc: Antony Antony <antony.antony@...unet.com>,
	Jakub Kicinski <kuba@...nel.org>,
	Steffen Klassert <steffen.klassert@...unet.com>,
	netdev@...r.kernel.org, linux-kselftest@...r.kernel.org,
	"David S. Miller" <davem@...emloft.net>,
	David Ahern <dsahern@...nel.org>,
	Eric Dumazet <edumazet@...gle.com>, Paolo Abeni <pabeni@...hat.com>,
	Herbert Xu <herbert@...dor.apana.org.au>,
	Shuah Khan <shuah@...nel.org>, devel@...ux-ipsec.org
Subject: Re: [PATCH net-next v3 0/2] fix icmp error source address over xfrm
 tunnel

2024-05-06, 17:57:23 +0200, Antony Antony wrote:
> Hi Sabrina,
> 
> On Mon, May 06, 2024 at 03:36:15PM +0200, Sabrina Dubroca via Devel wrote:
> > 2024-05-06, 09:58:26 +0200, Antony Antony wrote:
> > > Hi,
> > > This fix, originally intended for XFRM/IPsec, has been recommended by
> > > Steffen Klassert to submit to the net tree.
> > > 
> > > The patch addresses a minor issue related to the IPv4 source address of
> > > ICMP error messages, which originated from an old 2011 commit:
> > > 
> > > 415b3334a21a ("icmp: Fix regression in nexthop resolution during replies.")
> > > 
> > > The omission of a "Fixes" tag in the following commit is deliberate
> > > to prevent potential test failures and subsequent regression issues
> > > that may arise from backporting this patch to all stable kernels.
> > 
> > What kind of regression do you expect? If there's a risk of
> 
> For example, old testing scripts with a hardcoded source IP address assume
> that the "Unreachable response" will have the previous behavior. Such a
> testing script may trigger a regression when this patch is backported.
> Consequently, there may be discussions on whether this patch has broken the
> 10-year-old test scripts, which may be hard to fix.

Ok, that seems like an acceptable level of "regression" to me. Thanks
for explaining.

> > regression, I'm not sure net-next is that much "better" than net or
> > stable. If a user complains about the new behavior breaking their
> > setup, my understanding is that you would likely have to revert the
> > patch anyway, or at least add some way to toggle the behavior.
> 
> My hope is that if this patch is applied to net-next without a "Fixes" tag,
> users would fix their testing scripts properly.

I don't think the lack of a fixes tag will make people fix broken test
scripts, but maybe I'm too pessimistic.

-- 
Sabrina

