| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <4B61B047.10908@dev.6wind.com>
Date: Thu, 28 Jan 2010 16:41:59 +0100
From: Nicolas Dichtel <nicolas.dichtel@....6wind.com>
To: Vlad Yasevich <vladislav.yasevich@...com>
CC: David Miller <davem@...emloft.net>, netdev@...r.kernel.org,
linux-sctp@...r.kernel.org
Subject: Re: [PATCH] sctp: IPsec rules are ineffective with ipv6
What about this one?
Only compilation tested.
xfrm_lookup() is missing in IPv6 output path. Call it when dst is build. Initial
patch was written by Junwei Zhang <junwei.zhang@...nd.com>
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@...nd.com>
Le 28.01.2010 16:24, Vlad Yasevich a écrit :
>
> David Miller wrote:
>> From: Nicolas Dichtel <nicolas.dichtel@....6wind.com>
>> Date: Wed, 27 Jan 2010 15:12:59 +0100
>>
>>> xfrm_lookup() is missing in sctp_v6_xmit(), add it.
>>>
>>> Signed-off-by: Junwei Zhang <junwei.zhang@...nd.com>
>>> Signed-off-by: Nicolas Dichtel <nicolas.dichtel@...nd.com>
>> Doing this every transmit packet is overkill.
>>
>> Whatever calculates the route that ends up in skb_dst(skb)
>> should be making this xfrm_lookup() call, not here.
>>
>
>
> Hmm.. Interesting. Looks like ip_route_output_key() will
> do xfrm_lookup for you, but there is no ipv6 route lookup call
> that will do the same thing.
>
> I guess we'll need to add an xfrm_lookup call in sctp_v6_get_dst().
>
> -vlad
View attachment "x2.diff" of type "text/x-diff" (811 bytes)
Powered by blists - more mailing lists