Open Source and information security mailing list archives
 
Message-ID: <aXyV028imsUPWSyq@krikkit>
Date: Fri, 30 Jan 2026 12:28:19 +0100
From: Sabrina Dubroca <sd@...asysnail.net>
To: Antony Antony <antony.antony@...unet.com>
Cc: Steffen Klassert <steffen.klassert@...unet.com>,
	Herbert Xu <herbert@...dor.apana.org.au>, netdev@...r.kernel.org,
	"David S . Miller" <davem@...emloft.net>,
	Eric Dumazet <edumazet@...gle.com>,
	Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>,
	Chiachang Wang <chiachangwang@...gle.com>,
	Yan Yan <evitayan@...gle.com>, devel@...ux-ipsec.org,
	Simon Horman <horms@...nel.org>, linux-kernel@...r.kernel.org
Subject: Re: [PATCH ipsec-next v5 3/8] xfrm: allow migration from UDP
 encapsulated to non-encapsulated ESP

2026-01-27, 11:42:40 +0100, Antony Antony wrote:
> The current code prevents migrating an SA from UDP encapsulation to
> plain ESP. This is needed when moving from a NATed path to a non-NATed
> one, for example when switching from IPv4+NAT to IPv6.
> 
> Only copy the existing encapsulation during migration if the encap
> attribute is explicitly provided.

Are we sure nobody out there relies on this behavior (silently copying
the existing UDP encap without having to explicitly request it in the
MIGRATE request)? If there are, this patch would break their setup by
clearing the encap that they expect to still be present.

-- 
Sabrina
