Date:	Mon, 29 Nov 2010 21:15:12 +0200
From:	David Shwatrz <dshwatrz@...il.com>
To:	Timo Teräs <timo.teras@....fi>
Cc:	"David S. Miller" <davem@...emloft.net>, netdev@...r.kernel.org
Subject: Re: [net-next-2.6] XFRM: remove unused member in xfrm_encap_tmpl.

Hi,
Thanks, Timo.

But isn't something wrong here?

According to RFC 3948:
...
3.1.2.  Transport Mode Decapsulation NAT Procedure

When a transport mode has been used to transmit packets, contained
   TCP or UDP headers will have incorrect checksums due to the change of
   parts of the IP header during transit.  This procedure defines how to
   fix these checksums
...
incrementally recompute the
       TCP/UDP checksum:

       *  Subtract the IP source address in the received packet from the
          checksum.
       *  Add the real IP source address received via IKE to the
          checksum (obtained from the NAT-OA)
...

So where do we pass the NAT-OA, received from IKE messages, to this
checksum recalculation process, which should be done in the kernel
(layer 4 TCP/UDP I suppose)?

Shouldn't this process be done in the kernel?

Isn't there something missing here?

Rgs,
DS

2010/11/29 Timo Teräs <timo.teras@....fi>:
> On 01/-10/-28163 09:59 PM, David Shwatrz wrote:
>> Hi,
>>  The patch removes unused member in xfrm_encap_tmpl.
>>
>> Regards,
>> David Shwartz
>>
>>
>> Signed-off-by: David Shwartz <dshwatrz@...il.com>
>>
>>
>> diff --git a/include/linux/xfrm.h b/include/linux/xfrm.h
>> index b971e38..7312707 100644
>> --- a/include/linux/xfrm.h
>> +++ b/include/linux/xfrm.h
>> @@ -235,7 +235,6 @@ struct xfrm_encap_tmpl {
>>       __u16           encap_type;
>>       __be16          encap_sport;
>>       __be16          encap_dport;
>> -     xfrm_address_t  encap_oa;
>>  };
>>
>>  /* AEVENT flags  */
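Review bot: Removing `encap_oa` from `struct xfrm_encap_tmpl` shrinks a structure declared in include/linux/xfrm.h, and the description only says the member is unused, not who else depends on the layout. If the struct crosses the netlink boundary, as the reply below says, its size and field offsets are ABI, so the field should stay; a comment on `encap_oa` noting that the kernel does not read it would document that without changing the layout.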
>
> struct xfrm_encap_tmpl is exposed to userland via netlink. This would
> break ABI.
>
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
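
The incremental update quoted from RFC 3948 section 3.1.2 in the message above, worked through in user-space C as an added example (not code from this thread or from the kernel). It covers only the source-address step quoted there and uses the RFC 1624 form of the update; the function names, addresses, ports and payload are constructed for illustration, and it assumes the sender summed its real address while the receiver checks against the address seen after NAT.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Fold carries back in: 16-bit one's-complement sum. */
static uint16_t fold(uint32_t sum)
{
    while (sum >> 16)
        sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)sum;
}

/* Full UDP checksum: IPv4 pseudo-header plus segment (checksum field zeroed). */
uint16_t udp_csum_full(uint32_t src, uint32_t dst, const uint8_t *seg, size_t len)
{
    uint32_t sum = (src >> 16) + (src & 0xffff) + (dst >> 16) + (dst & 0xffff)
                 + 17 /* IPPROTO_UDP */ + (uint32_t)len;
    for (size_t i = 0; i + 1 < len; i += 2)
        sum += (uint32_t)seg[i] << 8 | seg[i + 1];
    if (len & 1)
        sum += (uint32_t)seg[len - 1] << 8;   /* odd tail, zero padded */
    return (uint16_t)~fold(sum);
}

/* Incremental fix (RFC 1624 eqn. 3): HC' = ~(~HC + ~m + m'), m = real source
 * (what the sender summed), m' = source seen in the received packet. On the
 * stored field this is "subtract the received source, add the real source". */
uint16_t csum_fix_src(uint16_t csum, uint32_t seen_src, uint32_t real_src)
{
    uint32_t sum = (uint16_t)~csum;
    sum += (uint16_t)~(real_src >> 16);
    sum += (uint16_t)~(real_src & 0xffff);
    sum += (seen_src >> 16) + (seen_src & 0xffff);
    return (uint16_t)~fold(sum);
}

/* Constructed sample: UDP 5000 -> 53, length 13, payload "hello". */
static const uint8_t SEG[13] = { 0x13,0x88, 0x00,0x35, 0x00,0x0d, 0x00,0x00,
                                 'h','e','l','l','o' };
#define REAL_SRC 0x0A000005u     /* 10.0.0.5, as carried in NAT-OA (constructed) */
#define SEEN_SRC 0xCB007101u     /* 203.0.113.1, source after NAT (constructed)  */
#define DST      0xC6336407u     /* 198.51.100.7 (constructed)                   */
int main(void)
{
    uint16_t sent = udp_csum_full(REAL_SRC, DST, SEG, sizeof SEG);
    uint16_t fixed = csum_fix_src(sent, SEEN_SRC, REAL_SRC);
    printf("sent %04x fixed %04x\n", sent, fixed);
    return fixed != udp_csum_full(SEEN_SRC, DST, SEG, sizeof SEG);
}
```

The fix needs `real_src`, which the receiver only learns from the NAT-OA payload; without it the only options are a full recomputation or skipping verification.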
