netdev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [PATCH 3/3 XFRM]: Fix invalid key for lookup of cached bundles

from [Patrick McHardy] [Permanent Link][Original]
To: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Subject: Re: [PATCH 3/3 XFRM]: Fix invalid key for lookup of cached bundles
From: Patrick McHardy <kaber@xxxxxxxxx>
Date: Mon, 07 Mar 2005 02:55:03 +0100
Cc: davem@xxxxxxxxxxxxx, netdev@xxxxxxxxxxx
In-reply-to: <20050307014337.GA4451@gondor.apana.org.au>
References: <E1D7t0w-0008Qa-00@gondolin.me.apana.org.au> <422AF8D0.3010905@trash.net> <20050307012458.GA4335@gondor.apana.org.au> <422BB14A.5030302@trash.net> <20050307014337.GA4451@gondor.apana.org.au>
Sender: netdev-bounce@xxxxxxxxxxx
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.7.5) Gecko/20050106 Debian/1.7.5-1
Herbert Xu wrote:
On Mon, Mar 07, 2005 at 02:41:30AM +0100, Patrick McHardy wrote: 

Mainly to avoid excessive long lists of cached bundles in tunnel
mode. The use of a single list for the cache is questionable, but
the patch was supposed to fix a different issue. Restricting use
of tos/mark to transport mode avoids having exploding lists that
are easily remotely triggerable.



That's a different problem.  You can already create arbitrarily
long bundle lists by spoofing src/dst addresses...


But I don't want to make it worse. The number is still restricted by
the scope of the selector, using tos and fwmark makes the worst case
a lot worse.

Regards
Patrick

[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [PATCH 3/3 XFRM]: Fix invalid key for lookup of cached bundles, Herbert Xu
Next by Date:  Re: [PATCH 3/3 XFRM]: Fix invalid key for lookup of cached bundles, Herbert Xu
Previous by Thread:  Re: [PATCH 3/3 XFRM]: Fix invalid key for lookup of cached bundles, Herbert Xu
Next by Thread:  Re: [PATCH 3/3 XFRM]: Fix invalid key for lookup of cached bundles, Herbert Xu
Indexes:  [Date] [Thread] [Top] [All Lists]