From: Paul Moore <paul.moore@hp.com>
To: David Miller <davem@davemloft.net>
Cc: netdev@vger.kernel.org, linux-audit@redhat.com, latten@austin.ibm.com
Subject: Re: [PATCH 2/3] XFRM: RFC4303 compliant auditing
Date: Fri, 21 Dec 2007 08:51:22 -0500
Message-ID: <200712210851.22521.paul.moore@hp.com>
In-Reply-To: <200712210827.24063.paul.moore@hp.com>

On Friday 21 December 2007 8:27:23 am Paul Moore wrote:
> On Friday 21 December 2007 4:43:10 am David Miller wrote:
> > From: Paul Moore <paul.moore@hp.com>
> > Date: Thu, 20 Dec 2007 16:42:25 -0500
> >
> > > This patch adds a number of new IPsec audit events to meet the auditing
> > > requirements of RFC4303.  This includes audit hooks for the following
> > > events:
> > >
> > >  * Could not find a valid SA [sections 2.1, 3.4.2]
> > >    . xfrm_audit_state_notfound()
> > >    . xfrm_audit_state_notfound_simple()
> > >
> > >  * Sequence number overflow [section 3.3.3]
> > >    . xfrm_audit_state_replay_overflow()
> > >
> > >  * Replayed packet [section 3.4.3]
> > >    . xfrm_audit_state_replay()
> > >
> > >  * Integrity check failure [sections 3.4.4.1, 3.4.4.2]
> > >    . xfrm_audit_state_icvfail()
> > >
> > > While RFC4304 deals only with ESP most of the changes in this patch
> > > apply to IPsec in general, i.e. both AH and ESP.  The one case,
> > > integrity check failure, where ESP specific code had to be modified the
> > > same was done to the AH code for the sake of consistency.
> > >
> > > Signed-off-by: Paul Moore <paul.moore@hp.com>
> >
> > This doesn't apply at all to net-2.6.25, in particular
> > xfrm6_input_addr() doesn't even have a local variable
> > named "xfrm_vec_one" let alone the conditional where you're
> > adding the state notfound audit hook.
> >
> > Please respin this and the third patch, thanks.
>
> Sorry about that, I must have missed something (or probably just updated
> the wrong tree on accident).  I'll respin the patches and send them out
> today.

Ah, looks like I may not be crazy after all!  It looks like the XFRM patches 
from Masahide NAKAMURA were pulled into net-2.6.25 just before mine last 
night which caused my patches to conflict ...

-- 
paul moore
linux security @ hp
