| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20090122063206.GA11818@gondor.apana.org.au>
Date: Thu, 22 Jan 2009 17:32:06 +1100
From: Herbert Xu <herbert@...dor.apana.org.au>
To: David Miller <davem@...emloft.net>
Cc: timo.teras@....fi, netdev@...r.kernel.org
Subject: Re: [PATCH] af_key: parse and send SADB_X_EXT_NAT_T_OA extension
On Wed, Jan 21, 2009 at 10:21:12PM -0800, David Miller wrote:
>
> > I would not consider this a new feature. It just makes pfkey
> > act consistently. If you don't want it supported, it'd make
> > more sense to not #define SADB_X_EXT_NAT_T_OA and drop all of
> > the verification code already present than to silently
> > ignore it. Make kernel return an error if some tried using it.
>
> Fair enough, sounds like a reasonable argument.
>
> Herbert what do you think? The proposal is that we just reflect the
> value we get, rather than acting upon it.
The only references to SADB_X_EXT_NAT_T_OA in our kernel currently
are for the user => kernel direction. This patch does kernel =>
user so I don't see a connection.
In any case I just grabbed the latest ipsec-tools source and it
doesn't use this stuff at all so IMO this is a new feature.
Cheers,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <herbert@...dor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists