[prev in list] [next in list] [prev in thread] [next in thread]
List: opensolaris-security-discuss
Subject: Re: [security-discuss] [networking-discuss] Reminder: Detangle code
From: Dan McDonald <danmcd () sun ! com>
Date: 2007-08-15 17:28:51
Message-ID: 20070815172851.GG22634 () kebe ! East ! Sun ! COM
[Download RAW message or body]
On Wed, Aug 15, 2007 at 11:29:50AM -0400, Sebastien Roy wrote:
> Hi Dan,
>
> Dan McDonald wrote:
> > http://cr.opensolaris.org/~danmcd/detangle/
>
> Two minor comments:
>
> ip.c:
>
> 12771: if we hit this condition (IP and UDP headers in separate mblks),
> it looks like we'll never check for ESP-in-UDP because we'll never call
> ip_udp_check(). We'll be kicked over to the "slow path" and directly to
> ip_fanout_udp() without passing go.
ip_fanout_udp() calls ip_fanout_udp_conn(), where we ALSO have a
zero_spi_check(). (In fact, it's this function's path that had an IRE
reference leak until VERY recently.)
You bring up, however, a good point that I need to possibly pullup further in
zero_spi_check().
> 17453,17455: did you mean ESP-in-UDP?
I sure did. Thanks!
Both webrevs are now being updated. They should be ready by the time most
people receive this e-mail.
Dan
_______________________________________________
security-discuss mailing list
security-discuss@opensolaris.org
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic