| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <ZheP3faYW214zYpB@gauss3.secunet.de> Date: Thu, 11 Apr 2024 09:23:09 +0200 From: Steffen Klassert <steffen.klassert@...unet.com> To: Paul Wouters <paul@...ats.ca> CC: Sabrina Dubroca <sd@...asysnail.net>, Nicolas Dichtel <nicolas.dichtel@...nd.com>, <antony.antony@...unet.com>, Herbert Xu <herbert@...dor.apana.org.au>, <netdev@...r.kernel.org>, "David S. Miller" <davem@...emloft.net>, Eric Dumazet <edumazet@...gle.com>, Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>, <devel@...ux-ipsec.org>, Leon Romanovsky <leon@...nel.org>, Eyal Birger <eyal.birger@...il.com> Subject: Re: [devel-ipsec] [PATCH ipsec-next v9] xfrm: Add Direction to the SA in or out On Wed, Apr 10, 2024 at 09:52:36AM -0400, Paul Wouters wrote: > On Wed, 10 Apr 2024, Sabrina Dubroca via Devel wrote: > > > 2024-04-10, 10:37:27 +0200, Nicolas Dichtel wrote: > > > Le 10/04/2024 à 10:17, Sabrina Dubroca a écrit : > > > [snip] > > > >> Why isn't it possible to restrict the use of an input SA to the input path and > > > >> output SA to xmit path? > > > > > Because nobody has written a patch for it yet :) > > > > For me, it should be done in this patch/series ;-) > > > > Sounds good to me. > > If this is not the case currently, what happens when our own generated > SPI clashes with a peer generated SPI? Could it be we end up using the > wrong SA state? No, the kernel will reject to insert a second identical SPI.
Powered by blists - more mailing lists