lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Fri, 30 Nov 2007 09:16:43 -0600
From:	Joy Latten <latten@...tin.ibm.com>
To:	Paul Moore <paul.moore@...com>
Cc:	linux-audit@...hat.com, Joy Latten <latten@...ibm.com>,
	Steve Grubb <sgrubb@...hat.com>,
	Herbert Xu <herbert@...dor.apana.org.au>,
	netdev@...r.kernel.org
Subject: Re: [PATCH] XFRM: SPD auditing fix to include the
	netmask/prefix-length

On Fri, 2007-11-30 at 09:51 -0500, Paul Moore wrote:
> On Thursday 29 November 2007 8:45:46 am Paul Moore wrote:
> > On Thursday 29 November 2007 5:34:59 am Herbert Xu wrote:
> > > On Mon, Nov 26, 2007 at 07:55:12PM +0000, Paul Moore wrote:
> > > > Currently the netmask/prefix-length of an IPsec SPD entry is not
> > > > included in any of the SPD related audit messages.  This can cause a
> > > > problem when the audit log is examined as the netmask/prefix-length is
> > > > vital in determining what network traffic is affected by a particular
> > > > SPD entry. This patch fixes this problem by adding two additional
> > > > fields, "src_prefixlen" and "dst_prefixlen", to the SPD audit messages
> > > > to indicate the source and destination netmasks.  These new fields are
> > > > only included in the audit message when the netmask/prefix-length is
> > > > less than the address length, i.e. the SPD entry applies to a network
> > > > address and not a host address.
> > >
> > > Any reason why we don't just always include them?
> >
> > The audit folks seem to be very sensitive to the size/length of the audit
> > messages, they prefer they be as small as possible.  I thought that one way
> > to save space would be to only print the prefix length information when the
> > address referred to a network and not a single host.
> >
> > Would you prefer it if the prefix length information was always included in
> > the audit message?  Joy?  Audit folks?
> 
> Steve and/or Joy, could we get a verdict on this issue?  The lack of a netmask 
> in the SPD audit messages is pretty serious so I'd like to see this fixed as 
> soon as possible.
> 
I think Steve may be able to answer this much better than I can in 
regards to audit. In my opinion having the netmask is good.

regards,
Joy
-
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ