lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-Id: <1196369374.4437.18.camel@localhost>
Date:	Thu, 29 Nov 2007 15:49:34 -0500
From:	jamal <hadi@...erus.ca>
To:	Herbert Xu <herbert@...dor.apana.org.au>
Cc:	"David S. Miller" <davem@...emloft.net>, netdev@...r.kernel.org,
	Patrick McHardy <kaber@...sh.net>
Subject: [PATCH 0/2] [IPSEC]: Reinject packet instead of calling netfilter
	directly on input

Herbert,

This is a simplified version of one of your earlier patches that never
made it in. I liked it so much that i reduced it to this and infact
given the cycles today, tested it (with transport and tunnel mode
only;->).

We re-inject a decrypted ipsec (other than tunnel mode) back and let it
bubble up the network stack. This improves debugability (since sniffers
like tcpdump can see the packet) and usability since ingress tc filters
can act on it.

Ive broken it down into two: IPv4 and IPV6. If you want to go through
the xfrm reinject() method, then I am gonna need more time to resubmit
or you be my guest and go for it and i will test it.

cheers,
jamal



-
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ