| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <5049E369.9060901@6wind.com> Date: Fri, 07 Sep 2012 14:07:05 +0200 From: Nicolas Dichtel <nicolas.dichtel@...nd.com> To: Vlad Yasevich <vyasevich@...il.com> CC: sri@...ibm.com, linux-sctp@...r.kernel.org, netdev@...r.kernel.org Subject: Re: [PATCH] sctp: check dst validity after IPsec operations Le 06/09/2012 18:04, Vlad Yasevich a écrit : > On 09/06/2012 01:40 PM, Nicolas Dichtel wrote: >> dst stored in struct sctp_transport needs to be recalculated when ipsec policy >> are updated. We use flow_cache_genid for that. >> >> For example, if a SCTP connection is established and then an IPsec policy is >> set, the old SCTP flow will not be updated and thus will not use the new >> IPsec policy. >> >> Signed-off-by: Nicolas Dichtel <nicolas.dichtel@...nd.com> > > why doesn't this need to be done for TCP? What makes SCTP special in this case? > > ip_queue_xmit does an __sk_dst_check() which is essentially what > sctp_transport_dst_check() does. That should determine if the currently cached > route is valid or not. > > Looks like sctp may need to change to using ip_route_output_ports() call > as ip_route_output_key may not do all that is necessary I try, but it doesn't solve the problem. In fact, it seems better to use ip_route_output_ports(), would you like me to send a patch? Regards, Nicolas -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists