Re: Minor IPSec bug + solution

From: Martin Bouzek
Date: Mon Sep 20 2004 - 02:49:00 EST

Next message: William Lee Irwin III: "Re: 2.6.9-rc2-mm1"
Previous message: Francois Romieu: "Re: 2.6.9-rc1-bk11+ and 2.6.9-rc1-mm3,4 r8169: freeze during boot (FIX included)"
In reply to: Herbert Xu: "Re: Minor IPSec bug + solution"
Next in thread: Herbert Xu: "Re: Minor IPSec bug + solution"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, 2004-09-17 at 12:27, Herbert Xu wrote:
> On Fri, Sep 17, 2004 at 11:26:13AM +0200, Martin Bouzek wrote:
> >
> > > > function. For tunnels it returns
> > > >
> > > > tmpl->optional && !xfrm_state_addr_cmp(tmpl, x, family);
> >
> > Well, I am not expierienced with the networking kernel code,
> > nevertheless I still think the check is not correct.
>
> If you change the && to ||, then an ESP tunnel SA marked as required
> can be matched by a simple IPIP SA with the same addresses.

Ok. And would it be possible to check the protocols too (eg.
tmpl->id.proto == x->id.proto)? If it is realy not possible to make the
IPComp/required tunnel to work, it would be nice to mention it in for
example the setkey man page. It could save quite lot of time to some
people. (like me :-) ).

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: William Lee Irwin III: "Re: 2.6.9-rc2-mm1"
Previous message: Francois Romieu: "Re: 2.6.9-rc1-bk11+ and 2.6.9-rc1-mm3,4 r8169: freeze during boot (FIX included)"
In reply to: Herbert Xu: "Re: Minor IPSec bug + solution"
Next in thread: Herbert Xu: "Re: Minor IPSec bug + solution"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]