| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 5 Oct 2020 17:11:47 +0200
From: Nicolas Dichtel <nicolas.dichtel@...nd.com>
To: Xin Long <lucien.xin@...il.com>
Cc: Steffen Klassert <steffen.klassert@...unet.com>,
David Miller <davem@...emloft.net>,
Herbert Xu <herbert@...dor.apana.org.au>,
network dev <netdev@...r.kernel.org>
Subject: Re: [PATCH 10/19] xfrm: interface: support IP6IP6 and IP6IP tunnels
processing with .cb_handler
Le 03/10/2020 à 11:41, Xin Long a écrit :
[snip]
> When xfrmi processes the ipip packets, it does the state lookup and xfrmi
> device lookup both in xfrm_input(). When either of them fails, instead of
> returning err and continuing the next .handler in tunnel4_rcv(), it would
> drop the packet and return 0.
>
> It's kinda the same as xfrm_tunnel_rcv() and xfrm6_tunnel_rcv().
>
> So the safe fix is to lower the priority of xfrmi .handler but it should
> still be higher than xfrm_tunnel_rcv() and xfrm6_tunnel_rcv(). Having
> xfrmi loaded will only break IPCOMP, and it's expected. I'll post a fix:
Thanks. This patch fixes my test cases.
Regards,
Nicolas
Powered by blists - more mailing lists