| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20101004083306.GA17939@gondor.apana.org.au> Date: Mon, 4 Oct 2010 16:33:06 +0800 From: Herbert Xu <herbert@...dor.apana.org.au> To: Arnaud Ebalard <arno@...isbad.org> Cc: "David S. Miller" <davem@...emloft.net>, Eric Dumazet <eric.dumazet@...il.com>, Hideaki YOSHIFUJI <yoshfuji@...ux-ipv6.org>, netdev@...r.kernel.org Subject: Re: [PATCHv4 net-next-2.6 1/5] XFRM,IPv6: Remove xfrm_spi_hash() dependency on destination address On Mon, Oct 04, 2010 at 08:25:07AM +0200, Arnaud Ebalard wrote: > > At the moment, Linux XFRM stack includes the address when computing > the hash to perform state lookup by SPI. This patch changes XFRM > state hash computation to prevent destination address to be > used. This will later allow finding states for packets w/ mangled > destination addresses. I'm fine with doing this for inbound SAs. However, I can't see how we can do this for outbound SAs where the SPI is chosen by the remote end. Incidentally, it appears that our hash could do with some strengthening. Cheers, -- Email: Herbert Xu <herbert@...dor.apana.org.au> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists