[Top] [All Lists]

Re: patch: policy update by id

To: jamal <hadi@xxxxxxxxxx>
Subject: Re: patch: policy update by id
From: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Date: Thu, 28 Apr 2005 11:30:14 +1000
Cc: netdev@xxxxxxxxxxx
In-reply-to: <>
References: <1114602874.7670.4.camel@localhost.localdomain> <1114604657.7670.22.camel@localhost.localdomain> <1114604826.7670.24.camel@localhost.localdomain> <> <1114650816.7663.13.camel@localhost.localdomain> <>
Sender: netdev-bounce@xxxxxxxxxxx
User-agent: Mutt/1.5.6+20040907i
On Thu, Apr 28, 2005 at 11:21:35AM +1000, herbert wrote:
> I see.  In that case you want to change your expression above
> so that the memcmp is never done if excl is off and the index
> is non-zero.  Otherwise this will result in non-deterministic
> behaviour as the result will change depending on whether the
> first hit is an index match or a selector match.

Sorry, the index match needs more work.  We need to maintain
these invariants:

1) There is only one policy with a given selector.
2) There is only one policy with a given index.

So to allow matching by index when updating, we need to deal
with the possibility of having to delete two existing policies.
The current code simply can't deal with that.

So if we're going to do this we'll need a bigger patch :)

Visit Openswan at
Email: Herbert Xu ~{PmV>HI~} <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page:
PGP Key:

<Prev in Thread] Current Thread [Next in Thread>