On Tue, 2019-07-23 at 11:02 -0700, Stephen Hemminger wrote: > > There are some cases where netlink related to IPv4 does not send nested > flag. You risk breaking older iproute2 and other tools being used on newer > kernel. I.e this patch may break binary compatibility. Have you tried running > with this on a very old distro (like Redhat Linux 9)?
There are *tons* of places where this (and other things) wasn't done right, but the validation is only added for * all attributes on _new operations_ (that old userspace couldn't have been using since they're introduced after this patch) * _new attributes_ (dito, if the policy 'strict start' is filled) johannes
