lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20131205105857.GV31491@secunet.com>
Date:	Thu, 5 Dec 2013 11:58:57 +0100
From:	Steffen Klassert <steffen.klassert@...unet.com>
To:	Hangbin Liu <liuhangbin@...il.com>
Cc:	Christophe Gouault <christophe.gouault@...nd.com>,
	network dev <netdev@...r.kernel.org>,
	Cong Wang <xiyou.wangcong@...il.com>,
	Saurabh Mohan <saurabh.mohan@...tta.com>
Subject: Re: [PATCH] vti: remove GRE_KEY flag for vti tunnel

On Thu, Dec 05, 2013 at 05:47:41PM +0800, Hangbin Liu wrote:
> On Wed, Dec 04, 2013 at 01:46:40PM +0100, Christophe Gouault wrote:
> > Hello Hangbin,
> > 
> > vti interfaces precisely need an o_key to be configured (it must be set
> > to the mark of ipsec policies attached to this interface). Consequently,
> > this flag must not be removed.
> 
> I saw the o_key was used here, do you mean this? I'm not clearly understand
> xfrm4_policy_check(), does it really need GRE_KEY? or any value is ok?

It does not need GRE_KEY at all, this flag is not even set on vti
tunnels. The vti key is just a mark that will be set on the skb.
It is used to match the right policy for that tunnel, so the policy
that should match must be configured to have the same mark.

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ