Message-Id: <20120906.141019.129727465932440024.davem@davemloft.net>
Date:	Thu, 06 Sep 2012 14:10:19 -0400 (EDT)
From:	David Miller <davem@...emloft.net>
To:	nicolas.dichtel@...nd.com
Cc:	vyasevich@...il.com, sri@...ibm.com, linux-sctp@...r.kernel.org,
	netdev@...r.kernel.org
Subject: Re: [PATCH] sctp: check dst validity after IPsec operations

From: Nicolas Dichtel <nicolas.dichtel@...nd.com>
Date: Thu,  6 Sep 2012 13:40:29 -0400

> dst stored in struct sctp_transport needs to be recalculated when IPsec policies
> are updated. We use flow_cache_genid for that.
> 
> For example, if a SCTP connection is established and then an IPsec policy is
> set, the old SCTP flow will not be updated and thus will not use the new
> IPsec policy.
> 
> Signed-off-by: Nicolas Dichtel <nicolas.dichtel@...nd.com>

I don't like that SCTP needs to perform special DST validation.

The normal DST validation mechanism already in place should be
sufficient.

Otherwise this problem must exist in other protocols too, and
fixing a tree-wide issue privately inside of one protocol is
not acceptable.