lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-Id: <20071212.104516.111707350.davem@davemloft.net>
Date:	Wed, 12 Dec 2007 10:45:16 -0800 (PST)
From:	David Miller <davem@...emloft.net>
To:	herbert@...dor.apana.org.au
Cc:	netdev@...r.kernel.org
Subject: Re: [PATCH 3/3] [IPSEC]: Add ICMP host relookup support

From: Herbert Xu <herbert@...dor.apana.org.au>
Date: Wed, 12 Dec 2007 09:58:01 +0800

> [IPSEC]: Add ICMP host relookup support
> 
> RFC 4301 requires us to relookup ICMP traffic that does not match any
> policies using the reverse of its payload.  This patch implements this
> for ICMP traffic that originates from or terminates on localhost.
> 
> This is activated on outbound with the new policy flag XFRM_POLICY_ICMP,
> and on inbound by the new state flag XFRM_STATE_ICMP.
> 
> On inbound the policy check is now performed by the ICMP protocol so
> that it can repeat the policy check where necessary.
> 
> Signed-off-by: Herbert Xu <herbert@...dor.apana.org.au>
 ...
> @@ -268,6 +268,7 @@ extern void		dst_init(void);
>  /* Flags for xfrm_lookup flags argument. */
>  enum {
>  	XFRM_LOOKUP_WAIT = 1 << 0,
> +	XFRM_LOOKUP_ICMP = 1 << 1,
>  };
>  
>  struct flowi;

Sigh :-(  Applied.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ