| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 27 Jan 2009 09:38:20 -0800
From: "Paul Moore" <paul.moore@...trify.com>
To: "Patrick McHardy" <kaber@...sh.net>
Cc: "David Miller" <davem@...emloft.net>, <netdev@...r.kernel.org>
Subject: RE: port bound SAs
OK I misunderstood. Sorry
You are saying that the port number should be dropped by the pfkey /
xfrm interface - OK
This is actually what happens. (BTW this is fortunate - in a few cases
racoon accidentally passes down 500)
I meant that the consensus was that the wire behavior is wrong.
-----Original Message-----
From: Patrick McHardy [mailto:kaber@...sh.net]
Sent: Tuesday, January 27, 2009 9:29 AM
To: Paul Moore
Cc: David Miller; netdev@...r.kernel.org
Subject: Re: port bound SAs
Paul Moore wrote:
>>> I believe thats intentional, RFC2367 specifies to ignore port
> numbers except for larval states.
>
> the ietf ipsec list thinks thats not the case. The consensus there is
> that the port owns the SA (and thats what Windows, and solaris
actually
> do)
What does "think thats not the case" mean? Its clearly stated in
2.3.3. Address Extension:
...
The
zeroing of ports (e.g. sin_port and sin6_port) MUST be done for all
messages except for originating SADB_ACQUIRE messages, which SHOULD
fill them in with ports from the relevant TCP or UDP session which
generates the ACQUIRE message.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists