lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Mon, 5 Oct 2020 17:11:47 +0200 From: Nicolas Dichtel <nicolas.dichtel@...nd.com> To: Xin Long <lucien.xin@...il.com> Cc: Steffen Klassert <steffen.klassert@...unet.com>, David Miller <davem@...emloft.net>, Herbert Xu <herbert@...dor.apana.org.au>, network dev <netdev@...r.kernel.org> Subject: Re: [PATCH 10/19] xfrm: interface: support IP6IP6 and IP6IP tunnels processing with .cb_handler Le 03/10/2020 à 11:41, Xin Long a écrit : [snip] > When xfrmi processes the ipip packets, it does the state lookup and xfrmi > device lookup both in xfrm_input(). When either of them fails, instead of > returning err and continuing the next .handler in tunnel4_rcv(), it would > drop the packet and return 0. > > It's kinda the same as xfrm_tunnel_rcv() and xfrm6_tunnel_rcv(). > > So the safe fix is to lower the priority of xfrmi .handler but it should > still be higher than xfrm_tunnel_rcv() and xfrm6_tunnel_rcv(). Having > xfrmi loaded will only break IPCOMP, and it's expected. I'll post a fix: Thanks. This patch fixes my test cases. Regards, Nicolas
Powered by blists - more mailing lists