| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20200131124948.GA32428@pc-61.home>
Date: Fri, 31 Jan 2020 13:49:48 +0100
From: Guillaume Nault <gnault@...hat.com>
To: James Chapman <jchapman@...alix.com>
Cc: Tom Parkin <tparkin@...alix.com>,
Ridge Kennedy <ridgek@...iedtelesis.co.nz>,
netdev <netdev@...r.kernel.org>
Subject: Re: [PATCH net] l2tp: Allow duplicate session creation with UDP
On Fri, Jan 31, 2020 at 08:12:01AM +0000, James Chapman wrote:
> On 30/01/2020 22:34, Guillaume Nault wrote:
> > To summarise my idea:
> >
> > * Short term plan:
> > Integrate a variant of Ridge's patch, as it's simple, can easily be
> > backported to -stable and doesn't prevent the future use of global
> > session IDs (as those will be specified with L2TP_ATTR_SCOPE).
> >
> > * Long term plan:
> > Implement L2TP_ATTR_SCOPE, a session attribute defining if the
> > session ID is global or scoped to the X-tuple (3-tuple for IP,
> > 5-tuple for UDP).
> > Original behaviour would be respected to avoid breaking existing
> > applications. So, by default, IP encapsulation would use global
> > scope and UDP encapsulation would use 5-tuple scope.
> >
> > Does that look like a good way forward?
>
> Yes, it sounds good to me.
>
> Your proposed approach of using only the session ID to do the session
> lookup but then optionally using the 3/5-tuple to scope it resolves my
> concerns.
>
Great! I'll ask Ridge to repost his patch then.
Thanks a lot.
Powered by blists - more mailing lists