lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-Id: <200710220955.53895.joakim.koskela@hiit.fi>
Date:	Mon, 22 Oct 2007 09:55:53 +0300
From:	Joakim Koskela <joakim.koskela@...t.fi>
To:	Herbert Xu <herbert@...dor.apana.org.au>
Cc:	netdev@...r.kernel.org, davem@...emloft.net, kaber@...sh.net
Subject: Re: [PATCH] netdev: Reset ipv4 flags during bundle creation on interfamily ipsec

On Friday 19 October 2007 17:25:49 Herbert Xu wrote:
> Joakim Koskela <joakim.koskela@...t.fi> wrote:
> > I'm not sure I follow. This affects the ipv6 bundling only where the
> > struct (fl_tunnel) has previously been used for ipv6 addresses. Not that
> > we are using the same block for holding the ipv4 info, the tos-value is
> > really undefined before we reset it.
>
> You're right.  But sure the same bug could affect IPv4 as well
> if you had a 4-6-4 configuration.  Let me think about this one
> a bit more.

Hi, and thanks for the feedback. True, this one affects only one level of 
inter-family, and supporting more would require a lot more changes in the 
bundle creation (perhaps combining both versions and taking better into 
account the outer family of the last transformation..). 

Another quite annoying example of this is that 6 in 4 actually crashes the 
kernel on 64 bit, as xfrm_dst_lookup around xfrm6_policy.c:197 changes rt 
from a rt6_info to a rtable. On 64 bit, rt->rt61i_node will usually contain 
something (due to the larger pointer size), making the path_cookie assignment 
on line 208 crash.

I've been trying address this in a proper manner, but it hasn't really 
progressed quite the way I've wanted (..thus this shallow patch, just to make 
6-4 inter-work in most cases on the standard kernel). Needless to say, any 
work done for this would be greatly appreciated :)

-
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ