lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Fri, 19 Aug 2011 08:49:45 +0300 From: Timo Teräs <timo.teras@....fi> To: krbmit siso <krbmit@...il.com> CC: netdev@...r.kernel.org, ipsec-tools-users@...ts.sourceforge.net, ipsec-tools-devel@...ts.sourceforge.net, ikev2-devel@...ts.sourceforge.net Subject: Re: protect raw sockets On 08/18/2011 06:01 PM, krbmit siso wrote: > After adding the below code in net/ipv4/raw.c in function raw_send_hdrinc() > I am able to see packet sent using RAW_SOCKET getting protected . > > Please let me know how can it be done better and provide it has a feature > , so that others can also use it if packet sent using RAW_SOCKET > needs to be protected. Raw sockets are raw sockets. They are used to send out network traffic that was captured earlier, or to generate test traffic. I don't think it makes any sense to apply XFRM policies to them: it might break the usage this API was intended for. The whole purpose of raw sockets is to bypass kernel side extra handling. To generate IPsec protected stuff use the normal APIs: regular UDP/TCP sockets. The same applies for sending/receiving IKE packets. You need regular UDP socket with IPsec bypass policy. What's your point in trying to use raw sockets? You should not need to use them unless you are implementing a packet capturer or a network traffic generator. - Timo -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists