Message-ID: <20131121121732.GE31491@secunet.com>
Date: Thu, 21 Nov 2013 13:17:32 +0100
From: Steffen Klassert <steffen.klassert@...unet.com>
To: Fan Du <fan.du@...driver.com>
Cc: Saurabh Mohan <saurabh.mohan@...cade.com>,
Christophe Gouault <christophe.gouault@...nd.com>,
"David S. Miller" <davem@...emloft.net>,
Herbert Xu <herbert@...dor.hengli.com.au>,
"netdev@...r.kernel.org" <netdev@...r.kernel.org>,
Sergei Shtylyov <sergei.shtylyov@...entembedded.com>,
Eric Dumazet <eric.dumazet@...il.com>
Subject: Re: [PATCH net v3] vti: fix spd lookup: match plaintext pkt, not ipsec pkt

On Tue, Nov 19, 2013 at 05:16:34PM +0800, Fan Du wrote:
>
> Or the VTI tunnel is the only tunnel with this specific source/destination address
> in the production deployment. Again the upper layer 4 will check the policy after
> all, that's the right place to do the policy checking.
>
> So IMO, it's unnecessary to check policy for a net_device like VTI, actually I hold
> a patch of removing the VTI policy checking due to net-next closure for the moment.
>
Please keep in mind that this will change the lookup from the
IPsec traffic to the plaintext traffic, like Christophe proposed
to do. This means that the transmit side has to be changed too.