lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:	Fri, 19 Jul 2013 11:28:51 +0800
From:	Fan Du <>
To:	David Miller <>
CC:	<>, <>
Subject: Re: [DISCUSSION] rt6i_genid

On 2013年07月19日 11:18, David Miller wrote:
> From: Fan Du<>
> Date: Fri, 19 Jul 2013 08:01:47 +0800
>> On 2013年07月18日 23:12, Nicolas Dichtel wrote:
>>> Le 18/07/2013 11:28, Fan Du a écrit :
>>>> Thanks for replying :)
>>>> On 2013年07月18日 17:13, Nicolas Dichtel wrote:
>>>>> Le 18/07/2013 05:22, Fan Du a écrit :
>>>>>> Hello Nicolas
>>>>>> Commit 6f3118b571b8a4c06c7985dc3172c3526cb86253: "ipv6: use
>>>>>> net->rt_genid to
>>>>>> check dst validity"
>>>>>> makes ip6_dst_check to check rt6i_genid against with struct
>>>>>> net->rt_genid,
>>>>>> As a matter of fact, struct net->rt_genid could only be modified by
>>>>>> two places,
>>>>>> first is adding/delete IPv4 address, second is inserting new XFRM
>>>>>> policy.
>>>>>> Is there any other considerations that adding/deleting IPv4 address
>>>>>> would
>>>>>> invalid all IPv6 dst
>>>>>> as well? because I'm working a patch which actually depends on the
>>>>>> result of
>>>>>> this question.
>>>>> No, the goal was to cover the IPsec case, ie invalidate dst entries
>>>>> when an
>>>>> xfrm policy is inserted/deleted.
>>>> Ok, then how about we only checking rt6i_genid against rt_genid *only*
>>>> when XFRM is enabled for IPv6, because when XFRM is not enabled for
>>>> IPv6
>>>> ip6_dst_check for rt_genid is really not necessary.
>>>> So what do you think of below modifications?
>>> Seems good. Just a small comment below.
>> Will send v2 for your reviewing when net-next is reopen.
> Although it's a correct change, it is of almost no value.  %99.9999999
> of users will be running kernels with CONFIG_XFRM enabled.

Thanks. Good to know %99.99999999 users protect their networking with IPsec.

> So your savings are essentially for no-one.


To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to
More majordomo info at

Powered by blists - more mailing lists