| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20260129153217.35d29be1@kernel.org> Date: Thu, 29 Jan 2026 15:32:17 -0800 From: Jakub Kicinski <kuba@...nel.org> To: Marc Sune <marcdevel@...il.com> Cc: willemdebruijn.kernel@...il.com, pabeni@...hat.com, netdev@...r.kernel.org, dborkman@...nel.org, vadim.fedorenko@...ux.dev Subject: Re: [PATCH net v2 0/4] discard ARP/NDP b/mcast/null announce (poison) On Thu, 29 Jan 2026 19:39:59 +0100 Marc Sune wrote: > > > This patchset only modifies the behaviour of the neighbouring subsystem > > > when processing network packets. Static entries can still be added with > > > mcast/bcast/null MACs. > > > > Not a very strong opinion but my intuition would be to target > > this to net-next. I read it as an improvement to RFC compliance > > more than a solution. > > The main driver for this patchset is to remove the attack vectors > described in Note 1 and Note 2 of Patch 1/4 (in the cover letter of > RFC v1), not so much being RFC compliant. They are arguably low risk, > but I would think there is value in having them on all stable > versions. I originally targeted net and didn't add Fixes as I think > these sanity checks have never been there. > > Let me know if you prefer v3 to target net-next instead. Nobody else chiming in to disagree with me so if it's your word against mine I do prefer net-next :) No matter what we do an unsecured L2 is not defensible by making tweaks at the endpoint in the IP protocol stack.
Powered by blists - more mailing lists