| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 17 Feb 2010 16:42:52 -0500
From: jamal <hadi@...erus.ca>
To: Alexey Dobriyan <adobriyan@...il.com>
Cc: davem@...emloft.net, netdev@...r.kernel.org
Subject: Re: regression due to "flush SAD/SPD generate false events"
On Wed, 2010-02-17 at 21:17 +0200, Alexey Dobriyan wrote:
> commit 19f4c7133fc1b94001b997c4843d0a9192ee63e5
> xfrm: Flushing empty SAD generates false events
>
> commit 0dca3a843632c2fbb6e358734fb08fc23e800f50
> xfrm: Flushing empty SPD generates false events
>
> setkey now takes several seconds to run this simple script
> and it spits "recv: Resource temporarily unavailable" messages.
I will try to reproduce it in about an hour. Do you have
anything like selinux being used etc?
BTW, the script seems a little strange because i think
the template wont match between the SA/SP.. (doesnt
matter if you are testing insertion/flushing)
Does the following look reasonable for testing?
----
#!/usr/sbin/setkey -f
flush;
spdflush;
add 192.168.1.2 192.168.1.3 ipcomp 44 -m tunnel -C deflate;
add 192.168.1.3 192.168.1.2 ipcomp 45 -m tunnel -C deflate;
spdadd 10.0.1.2 10.1.2.3 any -P in ipsec
ipcomp/tunnel/192.168.1.2-192.168.1.3/use;
spdadd 10.1.2.3 10.0.1.2 any -P out ipsec
ipcomp/tunnel/192.168.1.3-192.168.1.2/use;
-----
cheers,
jamal
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists