lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:	Wed, 18 Jul 2007 21:39:33 +0300
From:	Mika Penttilä <mika.penttila@...umbus.fi>
To:	Patrick McHardy <kaber@...sh.net>
CC:	Beschorner Daniel <Daniel.Beschorner@...ton.com>,
	netdev@...r.kernel.org
Subject: Re: pmtu discovery on SA

Patrick McHardy wrote:
> Mika Penttilä wrote:
>   
>> Patrick McHardy wrote:
>>
>>     
>>> Its a debugging message nowadays (NETDEBUG). I was mostly interested
>>> in this since I changed the IPsec MTU calculation in 2.6.22 and it
>>> might have been a bug.
>>>
>>>   
>>>       
>> And we don't have pmtu discovery for esp yet, right?
>>     
>
>
> We do. The best I have seen to date in any IPsec implementation :)
> -
> To unsubscribe from this list: send the line "unsubscribe netdev" in
> the body of a message to majordomo@...r.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
>
>   
Hmm. esp4_err() looks like this :

    struct iphdr *iph = (struct iphdr*)skb->data;
    struct ip_esp_hdr *esph = (struct ip_esp_hdr*)(skb->data+(iph->ihl<<2));
    struct xfrm_state *x;

    if (icmp_hdr(skb)->type != ICMP_DEST_UNREACH ||
        icmp_hdr(skb)->code != ICMP_FRAG_NEEDED)
        return;

    x = xfrm_state_lookup((xfrm_address_t *)&iph->daddr, esph->spi, 
IPPROTO_ESP, AF_INET);
    if (!x)
        return;
    NETDEBUG(KERN_DEBUG "pmtu discovery on SA ESP/%08x/%08x\n",
         ntohl(esph->spi), ntohl(iph->daddr));
    xfrm_state_put(x);



where could pmtu discovery be happening?

--Mika

-
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists