lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:	Thu, 28 Jan 2010 16:41:59 +0100
From:	Nicolas Dichtel <nicolas.dichtel@....6wind.com>
To:	Vlad Yasevich <vladislav.yasevich@...com>
CC:	David Miller <davem@...emloft.net>, netdev@...r.kernel.org,
	linux-sctp@...r.kernel.org
Subject: Re: [PATCH] sctp: IPsec rules are ineffective with ipv6

What about this one?

Only compilation tested.

xfrm_lookup() is missing in IPv6 output path. Call it when dst is build. Initial 
patch was written by Junwei Zhang <junwei.zhang@...nd.com>

Signed-off-by: Nicolas Dichtel <nicolas.dichtel@...nd.com>

Le 28.01.2010 16:24, Vlad Yasevich a écrit :
> 
> David Miller wrote:
>> From: Nicolas Dichtel <nicolas.dichtel@....6wind.com>
>> Date: Wed, 27 Jan 2010 15:12:59 +0100
>>
>>> xfrm_lookup() is missing in sctp_v6_xmit(), add it.
>>>
>>> Signed-off-by: Junwei Zhang <junwei.zhang@...nd.com>
>>> Signed-off-by: Nicolas Dichtel <nicolas.dichtel@...nd.com>
>> Doing this every transmit packet is overkill.
>>
>> Whatever calculates the route that ends up in skb_dst(skb)
>> should be making this xfrm_lookup() call, not here.
>>
> 
> 
> Hmm.. Interesting.  Looks like ip_route_output_key() will
> do xfrm_lookup for you, but there is no ipv6 route lookup call
> that will do the same thing.
> 
> I guess we'll need to add an xfrm_lookup call in sctp_v6_get_dst().
> 
> -vlad

View attachment "x2.diff" of type "text/x-diff" (811 bytes)

Powered by blists - more mailing lists