Received: with ECARTIS (v1.0.0; list netdev); Mon, 31 Jan 2005 11:46:44 -0800 (PST) Received: from cheetah.davemloft.net (mail@adsl-63-197-226-105.dsl.snfc21.pacbell.net [63.197.226.105]) by oss.sgi.com (8.13.0/8.13.0) with ESMTP id j0VJkRHL021002 for ; Mon, 31 Jan 2005 11:46:28 -0800 Received: from localhost ([127.0.0.1] helo=cheetah.davemloft.net ident=davem) by cheetah.davemloft.net with smtp (Exim 3.36 #1 (Debian)) id 1CvhP2-00075r-00; Mon, 31 Jan 2005 11:40:04 -0800 Date: Mon, 31 Jan 2005 11:40:04 -0800 From: "David S. Miller" To: Herbert Xu Cc: akpm@osdl.org, au@unterluggauer.org, netdev@oss.sgi.com Subject: Re: Fw: [Bugme-new] [Bug 4138] New: ipsec with racoon in transport mode with esp and ah hangs (problem is in xfrm_state_add) Message-Id: <20050131114004.6c61cdc1.davem@davemloft.net> In-Reply-To: References: <20050130224404.5f78d28a.akpm@osdl.org> X-Mailer: Sylpheed version 1.0.0 (GTK+ 1.2.10; sparc-unknown-linux-gnu) X-Face: "_;p5u5aPsO,_Vsx"^v-pEq09'CU4&Dc1$fQExov$62l60cgCc%FnIwD=.UF^a>?5'9Kn[;433QFVV9M..2eN.@4ZWPGbdi<=?[:T>y?SD(R*-3It"Vj:)"dP Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-Virus-Scanned: ClamAV 0.80/650/Sun Jan 2 19:00:02 2005 clamav-milter version 0.80j on 127.0.0.1 X-Virus-Status: Clean X-archive-position: 1115 X-ecartis-version: Ecartis v1.0.0 Sender: netdev-bounce@oss.sgi.com Errors-to: netdev-bounce@oss.sgi.com X-original-sender: davem@davemloft.net Precedence: bulk X-list: netdev Content-Length: 410 Lines: 12 On Mon, 31 Jan 2005 21:54:33 +1100 Herbert Xu wrote: > Well without the check we would have silently ignored the sequence > number which is why you wouldn't have noticed the problem with racoon > before. > > However, for those who need to use the sequence number this check is > necessary. Yes, but the loop in the kernel must be prevented nevertheless, buggy userland or not.