Message-ID: <46AF1996.7080401@trash.net>
Date:	Tue, 31 Jul 2007 13:14:30 +0200
From:	Patrick McHardy <kaber@...sh.net>
To:	Joakim Koskela <joakim.koskela@...t.fi>
CC:	netdev@...r.kernel.org, David Miller <davem@...emloft.net>
Subject: Re: [PATCH net-2.6.22-rc7] xfrm beet interfamily support

Joakim Koskela wrote:
> On Tuesday 31 July 2007 13:51:42 Patrick McHardy wrote:
> 
>>Joakim Koskela wrote:
>>
>>>I'm not sure I really got this. IPv6/IPv4 means IPv6 inner, IPv4 outer,
>>>right? Isn't that called from xfrm4_output_one and subsequently passed
>>>through the right filters as well (as it has an ipv4 header by then)?
>>
>>I think you're right, it uses xfrm4_output. But there's a mismatch
>>in either case, in both cases (IPv4 and IPv6) we first call the
>>POSTROUTING hook for this family, then do the transform (changing
>>the family), then call the OUTPUT hook for the same family. So
>>either the POSTROUTING or the OUTPUT hook is called for the wrong
>>family.
> 
> 
> Ok, so changing int xfrm[46]_output(struct sk_buff*) to use the right PF & 
> hook based on the skb's [current] family should put things through the right 
> hoops, right?


Almost, in xfrm4_output the conditional calling of the hook should
only be done for IPv4 and the IPCB is not valid for IPv6 of course.
Speaking of which, shouldn't the entire cb be zeroed for interfamily
transforms? xfrm4_tunnel_output only clears out the options, and I
think your patch didn't touch it at all ..
