Date: Wed, 17 Mar 2010 22:58:50 +0800
From: Herbert Xu <herbert@...dor.apana.org.au>
To: Timo Teräs <timo.teras@....fi>
Cc: netdev@...r.kernel.org
Subject: Re: [PATCH] xfrm: cache bundle lookup results in flow cache

On Wed, Mar 17, 2010 at 04:16:21PM +0200, Timo Teräs wrote:
>
> The problem is if I have multipoint gre1 and policy that says
> "encrypt all gre in transport mode".
>
> Thus for each public address, I get one bundle. But the
> xfrm_lookup() is called for each packet because ipgre_tunnel_xmit()
> calls ip_route_output_key() on per-packet basis.
>
> For my use-case it makes a huge difference.

But if your traffic switches between those tunnels on each packet,
we're back to square one, right?

> Then we cannot maintain policy use time. But if it's not a
> requirement, we could drop the policy from cache.

I don't see why we can't maintain the policy use time if we did
this, all you need is a back-pointer from the top xfrm_dst.

> Also. With this and your recent flowi patch, I'm seeing pmtu
> issues. Seems like xfrm_bundle_ok uses the original dst which
> resulted in the creation of the bundle. Somehow that dst
> does not get updated with pmtu... but the new dst used in
> next xfrm_lookup for same target does have proper mtu.
> I'm debugging right now why this is happening. Any ideas?

The dynamic MTU is always maintained in a normal dst object in
the IPv4 routing cache. Each xfrm_dst points to such a dst
through xdst->route.

If you were looking at the xfrm_dst's own MTU then that may well
cause problems.

Cheers,
-- 
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <herbert@...dor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html