| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 14 Jan 2019 12:22:38 +0100
From: Steffen Klassert <steffen.klassert@...unet.com>
To: Raed Salem <raeds@...lanox.com>
CC: Boris Pismenny <borisp@...lanox.com>,
Yossi Kuperman <yossiku@...lanox.com>,
"netdev@...r.kernel.org" <netdev@...r.kernel.org>,
"herbert@...dor.apana.org.au" <herbert@...dor.apana.org.au>,
"davem@...emloft.net" <davem@...emloft.net>
Subject: Re: [PATCH ipsec] xfrm: fix non-GRO codepath for IPsec hardware
offloading
On Mon, Jan 14, 2019 at 08:47:37AM +0000, Raed Salem wrote:
> > -----Original Message-----
> > From: Steffen Klassert [mailto:steffen.klassert@...unet.com]
> >
> > I'm thinking about removing the no_policy flag from the IPsec protocols to
> > actually do the inbound policy check for these protocols too, but have to
> > make sure that this has no side effects first.
> >
> > For HW offload, we should either refuse to do it if GRO is disabled, or to do
> > the inbound policy check against the inner headers (they are valid in this
> > case).
> thanks a lot for your valued comments,
> once the decision is made about the no_policy flag with IPsec including the desired behavior
> when HW offload present will may need to tweak the patch or discard it altogether,
> is this change is expected to be implemented anytime soon ?
I do it as soon as I know that I don't introduce some
other bug with this. It is on my todo list, should
not take for too long.
Powered by blists - more mailing lists