| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <e8acfa25-0cc4-4976-97e5-1639dc049c59@kernel.org> Date: Tue, 8 Apr 2025 10:49:00 -0600 From: David Ahern <dsahern@...nel.org> To: hanhuihui <hanhuihui5@...wei.com>, idosch@...sch.org Cc: kuba@...nel.org, netdev@...r.kernel.org Subject: Re: VRF Routing Rule Matching Issue: oif Rules Not Working After Commit 40867d74c374 On 4/8/25 10:17 AM, hanhuihui wrote: > Before the patch is installed, oif/iif rules can be configured for traffic from the VRF and traffic can be forwarded normally. > However, in this patch, traffic from the VRF resets fl->flowi_oif in l3mdev_update_flow. As a result, the 'rule->oifindex != fl->flowi_oif' > condition in fib_rule_match cannot be met, the oif rule cannot be matched. The patch also mentions "oif set to L3mdev directs lookup to its table; > reset to avoid oif match in fib_lookup" in the modification, which seems to be intentional. I'm rather confused about this. Does the modification > ignore the scenario where the oif/iif rule is configured on the VRF, or is the usage of the oif/iif rule no longer supported by the community after > the patch is installed, or is the usage of the oif/iif rule incorrectly used? > Any reply would be greatly appreciated. > oif/iif rules per VRF does not scale; the l3mdev rule was added to address that problem.
Powered by blists - more mailing lists