| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 5 Jan 2014 11:41:09 +0100 From: Hannes Frederic Sowa <hannes@...essinduktion.org> To: David Miller <davem@...emloft.net> Cc: netdev@...r.kernel.org, eric.dumazet@...il.com, steffen.klassert@...unet.com Subject: Re: [PATCH net-next 1/2] ipv4: add forwarding_uses_pmtu knob to protect forward path to use pmtu info Hi David! On Mon, Dec 30, 2013 at 10:20:44PM -0500, David Miller wrote: > The only thing left are things like AH and ESP, which also perform > some level of validation making sure that some state exists. And > frankly for non-tunneled IPSEC this PMTU information is absolutely > essential. I am trying to finish the testing of these patches with ipsec. What do you mean here by non-tunneled IPSEC? Transport mode is not an issue with this patch as we don't push packets for transport mode through forwarding. Tunneled mode would invoke fragmentation again. It is always ensured that mtu in ip_forward is higher than when xfrm layer checks with dst_mtu, so nothing should break here. Thank you, Hannes -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists