| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 17 Jul 2007 18:00:19 +0200
From: Patrick McHardy <kaber@...sh.net>
To: joakim.koskela@...t.fi
CC: netdev@...r.kernel.org, David Miller <davem@...emloft.net>
Subject: Re: [PATCH net-2.6.22-rc7] xfrm beet interfamily support
Joakim Koskela wrote:
> On Monday 16 July 2007 21:47:40 Patrick McHardy wrote:
>
>>>diff --git a/net/ipv4/xfrm4_output.c b/net/ipv4/xfrm4_output.c
>>>index 44ef208..8db7910 100644
>>>--- a/net/ipv4/xfrm4_output.c
>>>+++ b/net/ipv4/xfrm4_output.c
>>>@@ -53,7 +53,8 @@ static int xfrm4_output_one(struct sk_buff *skb)
>>> goto error_nolock;
>>> }
>>>
>>>- if (x->props.mode == XFRM_MODE_TUNNEL) {
>>>+ if (x->props.mode == XFRM_MODE_TUNNEL ||
>>>+ x->props.mode == XFRM_MODE_BEET) {
>>> err = xfrm4_tunnel_check_size(skb);
>>
>>Its not a real tunnel and all packets are generated locally, why
>>does it need to send ICMPs?
>
>
> Guess not. I'll have to still trace through, but can probably be removed.
Just FYI: it does make a difference with netfilter since packets
may be NATed to match a policy, but thats a more general problem
that also affects transport mode and should be dealt with within
netfilter, possibly by propagating PMTU values amonst dst_entries.
-
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists