| To: | Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> |
|---|---|
| Subject: | Re: [PATCH 3/3 XFRM]: Fix invalid key for lookup of cached bundles |
| From: | Patrick McHardy <kaber@xxxxxxxxx> |
| Date: | Mon, 07 Mar 2005 02:41:30 +0100 |
| Cc: | davem@xxxxxxxxxxxxx, netdev@xxxxxxxxxxx |
| In-reply-to: | <20050307012458.GA4335@xxxxxxxxxxxxxxxxxxx> |
| References: | <E1D7t0w-0008Qa-00@xxxxxxxxxxxxxxxxxxxxxxxx> <422AF8D0.3010905@xxxxxxxxx> <20050307012458.GA4335@xxxxxxxxxxxxxxxxxxx> |
| Sender: | netdev-bounce@xxxxxxxxxxx |
| User-agent: | Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.7.5) Gecko/20050106 Debian/1.7.5-1 |
Herbert Xu wrote: On Sun, Mar 06, 2005 at 01:34:24PM +0100, Patrick McHardy wrote:How about this one ? It keeps the DST_XFRM_TUNNEL flag and sets it on the first xfrm_dst in a bundle. I know it doesn't really belong there,Actually, why do we need to treat tunnel mode differently here? In other words, why not just do the mark/tos checks unconditionally. Forwarded packets don't get a proper tos/mark setting for IPsec but that's a bug in itself. Mainly to avoid excessive long lists of cached bundles in tunnel mode. The use of a single list for the cache is questionable, but the patch was supposed to fix a different issue. Restricting use of tos/mark to transport mode avoids having exploding lists that are easily remotely triggerable. Regards Patrick |
| Previous by Date: | Re: [PATCH 3/3 XFRM]: Fix invalid key for lookup of cached bundles, Herbert Xu |
|---|---|
| Next by Date: | Re: [PATCH 3/3 XFRM]: Fix invalid key for lookup of cached bundles, Herbert Xu |
| Previous by Thread: | Re: [PATCH 3/3 XFRM]: Fix invalid key for lookup of cached bundles, Herbert Xu |
| Next by Thread: | Re: [PATCH 3/3 XFRM]: Fix invalid key for lookup of cached bundles, Herbert Xu |
| Indexes: | [Date] [Thread] [Top] [All Lists] |