On 8/16/16 9:21 AM, Lorenzo Colitti wrote:
> I also don't see how the VRF behaviour where sk_bound_dev_if sets the
> master interface and pktinto selects the slave interface" can be made
> to work at all in the presence of scoped addresses. I don't see any
> way to support a socket bound to fe80::1
On Mon, Aug 15, 2016 at 4:39 PM, YOSHIFUJI Hideaki
wrote:
>
> > and then in the various sendmsg functions:
> >
> > if (!inet_check_bound_oif(sk, oif))
> > return -EINVAL;
> >
>
> Yes, something like that.
There's another complication. inet6_bind and raw_bind take
sin6_scop
Lorenzo Colitti wrote:
> On Wed, Aug 10, 2016 at 7:44 AM, YOSHIFUJI Hideaki
> wrote:
>>
I could see a point of view that says when bound_if is in play sending
to destinations on/via other interfaces--by any mechanism--should
effectively get ENETUNREACH (or something).
>>>
>>> VRF
On 8/12/16 9:45 AM, Lorenzo Colitti wrote:
> On Wed, Aug 10, 2016 at 7:44 AM, YOSHIFUJI Hideaki
> wrote:
>>
I could see a point of view that says when bound_if is in play sending
to destinations on/via other interfaces--by any mechanism--should
effectively get ENETUNREACH (or someth
On Wed, Aug 10, 2016 at 7:44 AM, YOSHIFUJI Hideaki
wrote:
>
> >> I could see a point of view that says when bound_if is in play sending
> >> to destinations on/via other interfaces--by any mechanism--should
> >> effectively get ENETUNREACH (or something).
> >
> > VRF uses this capability to send o
David Ahern wrote:
> On 8/9/16 1:01 AM, Erik Kline wrote:
>> On 9 August 2016 at 14:20, David Miller wrote:
>>> From: Lorenzo Colitti
>>> Date: Tue, 9 Aug 2016 10:00:25 +0900
>>>
Note that pretty much every sendmsg codepath allows other data to take
precedence over sk_bound_dev_if:
>>
On 8/9/16 1:01 AM, Erik Kline wrote:
> On 9 August 2016 at 14:20, David Miller wrote:
>> From: Lorenzo Colitti
>> Date: Tue, 9 Aug 2016 10:00:25 +0900
>>
>>> Note that pretty much every sendmsg codepath allows other data to take
>>> precedence over sk_bound_dev_if:
>>>
>>> - udpv6_sendmsg: if sin
On Tue, Aug 9, 2016 at 6:36 PM, Hannes Frederic Sowa
wrote:
>> The use of sin6_scope_id and SO_BINDTODEVICE with different interfaces
>> is incorrect and should be rejected.
>
> I agree, I would actually change the behavior at this point, as it also
> could have security consequences from a networ
On 09.08.2016 10:37, YOSHIFUJI Hideaki wrote:
>
>
> Erik Kline wrote:
>> On 9 August 2016 at 14:20, David Miller wrote:
>>> From: Lorenzo Colitti
>>> Date: Tue, 9 Aug 2016 10:00:25 +0900
>>>
Note that pretty much every sendmsg codepath allows other data to take
precedence over sk_boun
Erik Kline wrote:
> On 9 August 2016 at 14:20, David Miller wrote:
>> From: Lorenzo Colitti
>> Date: Tue, 9 Aug 2016 10:00:25 +0900
>>
>>> Note that pretty much every sendmsg codepath allows other data to take
>>> precedence over sk_bound_dev_if:
>>>
>>> - udpv6_sendmsg: if sin6_scope_id specif
On 9 August 2016 at 14:20, David Miller wrote:
> From: Lorenzo Colitti
> Date: Tue, 9 Aug 2016 10:00:25 +0900
>
>> Note that pretty much every sendmsg codepath allows other data to take
>> precedence over sk_bound_dev_if:
>>
>> - udpv6_sendmsg: if sin6_scope_id specified on a scoped address
>> -
From: Lorenzo Colitti
Date: Tue, 9 Aug 2016 10:00:25 +0900
> Note that pretty much every sendmsg codepath allows other data to take
> precedence over sk_bound_dev_if:
>
> - udpv6_sendmsg: if sin6_scope_id specified on a scoped address
> - rawv6_sendmsg: if sin6_scope_id specified on a scoped add
On Tue, Aug 9, 2016 at 6:35 AM, David Miller wrote:
> We should always give sk_bound_dev_if the highest priority.
>
> Also, we should amend, not delete, the check against the scope
> ID in the sockaddr. As explained by YOSHIFUJI Hideaki.
Sure, I can do that.
Note that pretty much every sendmsg
On Tue, Aug 9, 2016 at 1:27 AM, David Ahern wrote:
> Your description states:
> "ping_v6_sendmsg never sets flowi6_oif, so it is not possible to
> ping an IPv6 address on a different interface."
>
> That code snippet above contradicts that -- flowi6_oif is set in
> ping_v6_sendmsg.
Ah, yes, than
From: Lorenzo Colitti
Date: Mon, 8 Aug 2016 16:42:07 +0900
> ping_v6_sendmsg never sets flowi6_oif, so it is not possible to
> ping an IPv6 address on a different interface. Instead, it sets
> flowi6_iif, which is incorrect but harmless. Also, it returns an
> error if a passed-in scope ID doesn'
On 8/8/16 10:24 AM, Lorenzo Colitti wrote:
> On Tue, Aug 9, 2016 at 12:27 AM, David Ahern wrote:
>>> - if (!fl6.flowi6_oif && ipv6_addr_is_multicast(&fl6.daddr))
>>> - fl6.flowi6_oif = np->mcast_oif;
>>> - else if (!fl6.flowi6_oif)
>>> - fl6.flowi6_oif = np->ucast_o
On Tue, Aug 9, 2016 at 12:27 AM, David Ahern wrote:
> > - if (!fl6.flowi6_oif && ipv6_addr_is_multicast(&fl6.daddr))
> > - fl6.flowi6_oif = np->mcast_oif;
> > - else if (!fl6.flowi6_oif)
> > - fl6.flowi6_oif = np->ucast_oif;
> > -
>
> That code removal is contrary t
Hi,
2016-08-08 23:45 GMT+09:00 Lorenzo Colitti :
> On Mon, Aug 8, 2016 at 11:26 PM, Hannes Frederic Sowa
> wrote:
>>> - if (sk->sk_bound_dev_if &&
>>> - sk->sk_bound_dev_if != u->sin6_scope_id) {
>>> - return -EINVAL;
>>> - }
>>
>> Hmm,
On 8/8/16 1:42 AM, Lorenzo Colitti wrote:
> ping_v6_sendmsg never sets flowi6_oif, so it is not possible to
> ping an IPv6 address on a different interface. Instead, it sets
> flowi6_iif, which is incorrect but harmless. Also, it returns an
> error if a passed-in scope ID doesn't match sk_bound_dev
On Mon, Aug 8, 2016 at 11:26 PM, Hannes Frederic Sowa
wrote:
>> - if (sk->sk_bound_dev_if &&
>> - sk->sk_bound_dev_if != u->sin6_scope_id) {
>> - return -EINVAL;
>> - }
>
> Hmm, sk->sk_bound_dev_if always has highest prio for the selectio
On 08.08.2016 09:42, Lorenzo Colitti wrote:
> ping_v6_sendmsg never sets flowi6_oif, so it is not possible to
> ping an IPv6 address on a different interface. Instead, it sets
> flowi6_iif, which is incorrect but harmless. Also, it returns an
> error if a passed-in scope ID doesn't match sk_bound_d
ping_v6_sendmsg never sets flowi6_oif, so it is not possible to
ping an IPv6 address on a different interface. Instead, it sets
flowi6_iif, which is incorrect but harmless. Also, it returns an
error if a passed-in scope ID doesn't match sk_bound_dev_if.
Get rid of the error, stop setting flowi6_ii
22 matches
Mail list logo
