| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 01 Nov 2008 21:12:21 -0700 (PDT) From: David Miller <davem@...emloft.net> To: nicolas.dichtel@....6wind.com Cc: netdev@...r.kernel.org Subject: Re: [PATCH RFC] xfrm6: handling fragment From: Nicolas Dichtel <nicolas.dichtel@....6wind.com> Date: Fri, 31 Oct 2008 18:18:01 +0100 > RFC4301 Section 7.1 says: > > "7.1. Tunnel Mode SAs that Carry Initial and Non-Initial Fragments > > All implementations MUST support tunnel mode SAs that are configured > to pass traffic without regard to port field (or ICMP type/code or > Mobility Header type) values. If the SA will carry traffic for > specified protocols, the selector set for the SA MUST specify the > port fields (or ICMP type/code or Mobility Header type) as ANY. An > SA defined in this fashion will carry all traffic including initial > and non-initial fragments for the indicated Local/Remote addresses > and specified Next Layer protocol(s)." > > But for IPv6, fragment is treated as a protocol. Would the following patch be acceptable to catch protocol transported in fragmented packet? > In IPv4, there is no problem. > > Signed-off-by: Nicolas Dichtel <nicolas.dichtel@...nd.com> This seems good, I've applied this to net-next-2.6 Thanks. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists