Re: [PATCH][IPV6] fixed authentication error with TCP

To: Kazunori Miyazawa <kazunori@xxxxxxxxxxxx>
Subject: Re: [PATCH][IPV6] fixed authentication error with TCP
From: "David S. Miller" <davem@xxxxxxxxxx>
Date: Thu, 7 Aug 2003 22:05:39 -0700
Cc: kuznet@xxxxxxxxxxxxx, netdev@xxxxxxxxxxx, usagi@xxxxxxxxxxxxxx, latten@xxxxxxxxxxxxxx
Sender: netdev-bounce@xxxxxxxxxxx

On Wed, 6 Aug 2003 16:44:13 +0900
Kazunori Miyazawa <kazunori@xxxxxxxxxxxx> wrote:

> Miss Joy (@IBM) and I investigated the bug that "authentication
> error" occurred with using TCP and AH in IPv6. This patch fixes the
> bug. This patch makes the kernel consider extension header length in
> a dst.
> This patch works with my previous patch which fixes zero-clear in ah6_input.
> Please append the name "Joy Latten" into the log.

I have applied this patch, thank you.

But I see a small area for improvement.  Look at the place inside
of ip6_dst_lookup() where we do source address selection.  If this
fails, we mark error to dst->error.

Is it correct?  This 'dst' route might otherwise be perfectly fine.
But now that dst->error is set, it is poisoned for other users
and they are not able to use it.

A similar case occurs further down after the xfrm_lookup() call, but
this one I think is correct.

It seems to me that it is only OK for dst->error to be set on routes
that may not be used validly for anything.

Alexey, do I understand this stuff correctly?
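
The concern raised in the message above, as an added toy model in C that is not code from the thread or from the kernel: a per-caller failure written into a shared entry's error field is seen by every later user, while returning the error to the failing caller leaves the entry usable. All names (`toy_dst`, `toy_flow`, `toy_lookup_*`, `toy_output`) and the choice of `-EADDRNOTAVAIL` are assumptions made for illustration.

```c
#include <errno.h>
#include <stddef.h>

/* Toy model, not kernel code: one cached route entry shared by all callers. */
struct toy_dst {
    int error;   /* sticky: once non-zero, every holder of the entry sees it */
};

/* Constructed per-caller state: can a source address be selected for this flow? */
struct toy_flow {
    int has_src_addr;
};

static struct toy_dst cached_route;  /* stands in for the shared entry */

void toy_reset(void) { cached_route.error = 0; }

/* Variant A: a failure specific to one caller is written to the shared entry. */
struct toy_dst *toy_lookup_mark_shared(const struct toy_flow *fl)
{
    struct toy_dst *dst = &cached_route;
    if (!fl->has_src_addr)
        dst->error = -EADDRNOTAVAIL;
    return dst;
}

/* Variant B: the same failure is returned to that caller only. */
int toy_lookup_return_error(const struct toy_flow *fl, struct toy_dst **out)
{
    *out = NULL;
    if (cached_route.error)      /* entry unusable for everyone */
        return cached_route.error;
    if (!fl->has_src_addr)       /* unusable for this caller only */
        return -EADDRNOTAVAIL;
    *out = &cached_route;
    return 0;
}

/* Any later user refuses to send through an entry whose error is set. */
int toy_output(const struct toy_dst *dst)
{
    return dst->error;
}
```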
