Re: [PATCH v2 2/4] tcp: md5: Allow MD5SIG_FLAG_IFINDEX with ifindex=0

From: Leonard Crestez
Date: Thu Oct 14 2021 - 00:43:37 EST

Next message: Kees Cook: "Re: [PATCH v4 2/5] connector: use __get_task_comm in proc_comm_connector"
Previous message: Xin Long: "Re: [PATCH net] sctp: account stream padding length for reconf chunk"
In reply to: David Ahern: "Re: [PATCH v2 2/4] tcp: md5: Allow MD5SIG_FLAG_IFINDEX with ifindex=0"
Next in thread: David Ahern: "Re: [PATCH v2 2/4] tcp: md5: Allow MD5SIG_FLAG_IFINDEX with ifindex=0"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 10/14/21 6:09 AM, David Ahern wrote:

On 10/13/21 12:50 AM, Leonard Crestez wrote:

Multiple VRFs are generally meant to be "separate" but right now md5
keys for the default VRF also affect connections inside VRFs if the IP
addresses happen to overlap.

So far the combination of TCP_MD5SIG_IFINDEX with tcpm_ifindex == 0

TCP_MD5SIG_IFINDEX does not exist in net-next and it was not added by
patch 1 or this patch.

Commit message is wrong, it should refer to TCP_MD5SIG_FLAG_IFINDEX.

--
Regards,
Leonard

Next message: Kees Cook: "Re: [PATCH v4 2/5] connector: use __get_task_comm in proc_comm_connector"
Previous message: Xin Long: "Re: [PATCH net] sctp: account stream padding length for reconf chunk"
In reply to: David Ahern: "Re: [PATCH v2 2/4] tcp: md5: Allow MD5SIG_FLAG_IFINDEX with ifindex=0"
Next in thread: David Ahern: "Re: [PATCH v2 2/4] tcp: md5: Allow MD5SIG_FLAG_IFINDEX with ifindex=0"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]