lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Tue, 9 Apr 2013 20:31:30 +0300
From:	Daniel Baluta <daniel.baluta@...il.com>
To:	David Miller <davem@...emloft.net>
Cc:	steffen.klassert@...unet.com, nicolas.dichtel@...nd.com,
	herbert@...dor.apana.org.au, netdev@...r.kernel.org
Subject: Re: [RFC PATCH ipsec] xfrm: use the right dev to fill xdst

On Tue, Apr 9, 2013 at 8:21 PM, David Miller <davem@...emloft.net> wrote:
> From: Steffen Klassert <steffen.klassert@...unet.com>
> Date: Tue, 9 Apr 2013 14:47:35 +0200
>
>> Hm, inet6_init() registers addrconf_notify() as a netdevice notifier
>> function. So addrconf_notify() is called whenever a netdevice is
>> registered. When looking at addrconf_notify(), there are only two
>> cases when the net_device has no inet6_dev assigned. This is either
>> on error, or if the device mtu is smaller than IPV6_MIN_MTU (i.e. 1280).
>>
>> I can reproduce the behaviour you describe if I set the mtu of the
>> ipv4 device to a value below IPV6_MIN_MTU, but in no other case.
>>
>> Is it possible that your ipv4 device has a mtu below IPV6_MIN_MTU?
>
> Like Steffen I am also curious how you are able to create a device
> with no ipv6 device information attached, yet still have the ipv6
> module loaded to the point where the ipv6 ipsec paths can execute.
>
> If you're forcing this in an unnatural way or with localized changes,
> I don't think we have anything to really fix.

Hi Dave, Steffen,

As I mentioned earlier in this thread we are using some custom kernel
modules that create the interfaces.

It's likely that these interfaces, for memory saving purposes, to skip attaching
ipv6 device information.

Anyhow, i still think that there is something wrong with commit 25ee3286dcbc
([IPSEC]: Merge common code into xfrm_bundle_create).

The code for xfrm is not easy to understand, so for this reason i
pointed out the problem to Nicolas in
the first place.

Thanks a lot.

Daniel.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ