lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:	Tue, 17 Jul 2007 18:00:19 +0200
From:	Patrick McHardy <>
CC:, David Miller <>
Subject: Re: [PATCH net-2.6.22-rc7] xfrm beet interfamily support

Joakim Koskela wrote:
> On Monday 16 July 2007 21:47:40 Patrick McHardy wrote:
>>>diff --git a/net/ipv4/xfrm4_output.c b/net/ipv4/xfrm4_output.c
>>>index 44ef208..8db7910 100644
>>>--- a/net/ipv4/xfrm4_output.c
>>>+++ b/net/ipv4/xfrm4_output.c
>>>@@ -53,7 +53,8 @@ static int xfrm4_output_one(struct sk_buff *skb)
>>> 			goto error_nolock;
>>> 	}
>>>-	if (x->props.mode == XFRM_MODE_TUNNEL) {
>>>+	if (x->props.mode == XFRM_MODE_TUNNEL ||
>>>+	    x->props.mode == XFRM_MODE_BEET) {
>>> 		err = xfrm4_tunnel_check_size(skb);
>>Its not a real tunnel and all packets are generated locally, why
>>does it need to send ICMPs?
> Guess not. I'll have to still trace through, but can probably be removed.

Just FYI: it does make a difference with netfilter since packets
may be NATed to match a policy, but thats a more general problem
that also affects transport mode and should be dealt with within
netfilter, possibly by propagating PMTU values amonst dst_entries.

To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to
More majordomo info at

Powered by blists - more mailing lists