| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20140708.193536.1470966008910828465.davem@davemloft.net> Date: Tue, 08 Jul 2014 19:35:36 -0700 (PDT) From: David Miller <davem@...emloft.net> To: ixaphire@...tor.net Cc: netdev@...r.kernel.org, linux-kernel@...r.kernel.org Subject: Re: [PATCH] ip_tunnel: fix ip_tunnel_lookup From: Dmitry Popov <ixaphire@...tor.net> Date: Wed, 9 Jul 2014 04:47:59 +0400 > How I see ip_tunnel_lookup logic: > 1) try to find exact match (and if found return this tunnel): > tunnel.saddr == iph.daddr && tunnel.daddr == iph.saddr && key_matched() > 2) try to find matched (local) wildcard tunnel: > tunnel.saddr == any && tunnel.daddr == iph.saddr && key_matched() > 3) try to find matched (remote) wildcard tunnel: > tunnel.saddr == iph.daddr && tunnel.daddr == any && key_matched() > (there is also a test for multicast tunnel, but let's skip it for simplicity) > 4) try to find matched (full) wildcard tunnel: > tunnel.saddr == any && tunnel.daddr == any && key_matched() > 5) if nothing found return default tunnel. > > According to this logic, in 4th loop (the one you quoted) we have to test that > tunnel.daddr == any && tunnel.saddr == any. In my opinion those two new lines > are the best way to achieve it. Now it makes sense, thanks for explaining. Applied and queued up for -stable, thanks again. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists