| To: | Patrick McHardy <kaber@xxxxxxxxx> |
|---|---|
| Subject: | Re: [PATCH 3/3 XFRM]: Fix invalid key for lookup of cached bundles |
| From: | Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> |
| Date: | Mon, 7 Mar 2005 12:43:37 +1100 |
| Cc: | davem@xxxxxxxxxxxxx, netdev@xxxxxxxxxxx |
| In-reply-to: | <422BB14A.5030302@xxxxxxxxx> |
| References: | <E1D7t0w-0008Qa-00@xxxxxxxxxxxxxxxxxxxxxxxx> <422AF8D0.3010905@xxxxxxxxx> <20050307012458.GA4335@xxxxxxxxxxxxxxxxxxx> <422BB14A.5030302@xxxxxxxxx> |
| Sender: | netdev-bounce@xxxxxxxxxxx |
| User-agent: | Mutt/1.5.6+20040907i |
On Mon, Mar 07, 2005 at 02:41:30AM +0100, Patrick McHardy wrote:

> > Actually, why do we need to treat tunnel mode differently here?
> > In other words, why not just do the mark/tos checks unconditionally.
>
> Mainly to avoid excessively long lists of cached bundles in tunnel
> mode. The use of a single list for the cache is questionable, but
> the patch was supposed to fix a different issue. Restricting use
> of tos/mark to transport mode avoids having exploding lists that
> are easily remotely triggerable.

That's a different problem. You can already create arbitrarily long
bundle lists by spoofing src/dst addresses...

Cheers,

--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt