netdev

Re: [AH6] Disallow mutable bits after AH header

To: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Subject: Re: [AH6] Disallow mutable bits after AH header
From: "David S. Miller" <davem@xxxxxxxxxx>
Date: Fri, 23 Jul 2004 13:37:37 -0700
Cc: kazunori@xxxxxxxxxxxx, netdev@xxxxxxxxxxx
In-reply-to: <20040723135320.GA26000@gondor.apana.org.au>
References: <20040723135320.GA26000@gondor.apana.org.au>
Sender: netdev-bounce@xxxxxxxxxxx
On Fri, 23 Jul 2004 23:53:21 +1000
Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> wrote:

> As we discussed before, mutable headers should not be allowed after
> the AH header.  In fact, this appears to be the intention of RFC 2402.
> It is further clarified in section 3.1.1 of
> 
> http://www.ietf.org/internet-drafts/draft-ietf-ipsec-rfc2402bis-07.txt
> 
> This allows us to simplify the code in ah6.c.  As a result, this also
> fixes the following issues:
> 
> * Dependence on skb->h in ah6_output().
> * Bogus clearing of auth_data of 2nd AH header in ipv6_clear_mutable_options().

Applied, thanks Herbert.
