| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20160617102429.GH7698@gauss.secunet.com>
Date: Fri, 17 Jun 2016 12:24:29 +0200
From: Steffen Klassert <steffen.klassert@...unet.com>
To: Blair Steven <Blair.Steven@...iedtelesis.co.nz>
CC: "netdev@...r.kernel.org" <netdev@...r.kernel.org>,
Herbert Xu <herbert@...dor.apana.org.au>
Subject: Re: [PATCH] IPsec NAT-T issue
On Wed, Jun 15, 2016 at 12:44:54AM +0000, Blair Steven wrote:
> The restoration is happening - but being actioned on the wrong location.
>
> The destination IP address is being saved and restored, and the SPI
> being written directly after the destination IP address. From my
> understanding though, the ESN shuffling should have saved and restored
> the UDP source / dest ports + SPI.
Yes, looks like we copy with a wrong offset if udp encapsulation
is used, skb_transport_header() does not point to the esp header
in this case. Ccing Herbert, he changed this part when switching
to the new AEAD interface with
commit 7021b2e1cddd ("esp4: Switch to new AEAD interface").
>
> -Blair
>
> On 06/13/2016 10:20 PM, Steffen Klassert wrote:
> > On Mon, Jun 13, 2016 at 11:48:13AM +1200, Blair Steven wrote:
> >> During testing we have discovered an issue with IPsec NAT-T where the SPI
> >> is over writing the source and dest ports of the UDP header.
> > The headers should be restored after the crypto operation in
> > esp_restore_header(). Does this not happen in your case? What
> > kind of problem do you experience?
> >
Powered by blists - more mailing lists