| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 15 May 2023 09:02:05 +0200
From: Nicolas Dichtel <nicolas.dichtel@...nd.com>
To: "David S . Miller" <davem@...emloft.net>, Jakub Kicinski
<kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>,
Eric Dumazet <edumazet@...gle.com>
Cc: Steffen Klassert <klassert@...nel.org>, netdev@...r.kernel.org
Subject: Re: [PATCH net] ipv{4,6}/raw: fix output xfrm lookup wrt protocol
Hi,
Le 11/05/2023 à 16:19, Nicolas Dichtel a écrit :
> With a raw socket bound to IPPROTO_RAW (ie with hdrincl enabled), the
> protocol field of the flow structure, build by raw_sendmsg() /
> rawv6_sendmsg()), is set to IPPROTO_RAW. This breaks the ipsec policy
> lookup when some policies are defined with a protocol in the selector.
>
> For ipv6, the sin6_port field from 'struct sockaddr_in6' could be used to
> specify the protocol. Just accept all values for IPPROTO_RAW socket.
>
> For ipv4, the sin_port field of 'struct sockaddr_in' could not be used
> without breaking backward compatibility (the value of this field was never
> checked). Let's add a new kind of control message, so that the userland
> could specify which protocol is used.
>
> Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
> Signed-off-by: Nicolas Dichtel <nicolas.dichtel@...nd.com>
The patch has been marked 'Awaiting Upstream' in the patchwork. But, I targeted
the 'net' tree.
Should I target the 'ipsec' tree? Or am I missing something?
Regards,
Nicolas
Powered by blists - more mailing lists