Message-Id: <20130718.201801.1591610112107900505.davem@davemloft.net>
Date:	Thu, 18 Jul 2013 20:18:01 -0700 (PDT)
From:	David Miller <davem@...emloft.net>
To:	fan.du@...driver.com
Cc:	nicolas.dichtel@...nd.com, netdev@...r.kernel.org
Subject: Re: [DISCUSSION] rt6i_genid

From: Fan Du <fan.du@...driver.com>
Date: Fri, 19 Jul 2013 08:01:47 +0800

> 
> 
> On 2013-07-18 23:12, Nicolas Dichtel wrote:
>> On 18/07/2013 11:28, Fan Du wrote:
>>>
>>> Thanks for replying :)
>>>
>>> On 2013-07-18 17:13, Nicolas Dichtel wrote:
>>>> On 18/07/2013 05:22, Fan Du wrote:
>>>>> Hello Nicolas
>>>>>
>>>>> Commit 6f3118b571b8a4c06c7985dc3172c3526cb86253: "ipv6: use
>>>>> net->rt_genid to check dst validity" makes ip6_dst_check check
>>>>> rt6i_genid against struct net->rt_genid.
>>>>> As a matter of fact, struct net->rt_genid could only be modified in
>>>>> two places: first is adding/deleting an IPv4 address, second is
>>>>> inserting a new XFRM policy.
>>>>>
>>>>> Are there any other considerations that adding/deleting an IPv4
>>>>> address would invalidate all IPv6 dst as well? Because I'm working
>>>>> on a patch which actually depends on the result of this question.
>>>> No, the goal was to cover the IPsec case, i.e. invalidate dst entries
>>>> when an xfrm policy is inserted/deleted.
>>>
>>> Ok, then how about we only check rt6i_genid against rt_genid *only*
>>> when XFRM is enabled for IPv6, because when XFRM is not enabled for
>>> IPv6, ip6_dst_check for rt_genid is really not necessary.
>>>
>>> So what do you think of below modifications?
>> Seems good. Just a small comment below.
> 
> Will send v2 for your review when net-next reopens.

Although it's a correct change, it is of almost no value.  99.9999999%
of users will be running kernels with CONFIG_XFRM enabled.

So your savings are essentially for no-one.
