lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:	Fri, 19 Jul 2013 11:28:51 +0800
From:	Fan Du <fan.du@...driver.com>
To:	David Miller <davem@...emloft.net>
CC:	<nicolas.dichtel@...nd.com>, <netdev@...r.kernel.org>
Subject: Re: [DISCUSSION] rt6i_genid



On 2013年07月19日 11:18, David Miller wrote:
> From: Fan Du<fan.du@...driver.com>
> Date: Fri, 19 Jul 2013 08:01:47 +0800
>
>>
>>
>> On 2013年07月18日 23:12, Nicolas Dichtel wrote:
>>> Le 18/07/2013 11:28, Fan Du a écrit :
>>>>
>>>> Thanks for replying :)
>>>>
>>>> On 2013年07月18日 17:13, Nicolas Dichtel wrote:
>>>>> Le 18/07/2013 05:22, Fan Du a écrit :
>>>>>> Hello Nicolas
>>>>>>
>>>>>> Commit 6f3118b571b8a4c06c7985dc3172c3526cb86253: "ipv6: use
>>>>>> net->rt_genid to
>>>>>> check dst validity"
>>>>>> makes ip6_dst_check to check rt6i_genid against with struct
>>>>>> net->rt_genid,
>>>>>> As a matter of fact, struct net->rt_genid could only be modified by
>>>>>> two places,
>>>>>> first is adding/delete IPv4 address, second is inserting new XFRM
>>>>>> policy.
>>>>>>
>>>>>> Is there any other considerations that adding/deleting IPv4 address
>>>>>> would
>>>>>> invalid all IPv6 dst
>>>>>> as well? because I'm working a patch which actually depends on the
>>>>>> result of
>>>>>> this question.
>>>>> No, the goal was to cover the IPsec case, ie invalidate dst entries
>>>>> when an
>>>>> xfrm policy is inserted/deleted.
>>>>
>>>> Ok, then how about we only checking rt6i_genid against rt_genid *only*
>>>> when XFRM is enabled for IPv6, because when XFRM is not enabled for
>>>> IPv6
>>>> ip6_dst_check for rt_genid is really not necessary.
>>>>
>>>> So what do you think of below modifications?
>>> Seems good. Just a small comment below.
>>
>> Will send v2 for your reviewing when net-next is reopen.
>
> Although it's a correct change, it is of almost no value.  %99.9999999
> of users will be running kernels with CONFIG_XFRM enabled.

Thanks. Good to know %99.99999999 users protect their networking with IPsec.

> So your savings are essentially for no-one.

-- 
浮沉随浪只记今朝笑

--fan
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists