| To: | toml@xxxxxxxxxx |
|---|---|
| Subject: | Re: IPSec: Policy dst bundles exhausting storage |
| From: | "David S. Miller" <davem@xxxxxxxxxx> |
| Date: | Thu, 12 Jun 2003 01:21:00 -0700 (PDT) |
| Cc: | netdev@xxxxxxxxxxx, kuznet@xxxxxxxxxxxxx |
| In-reply-to: | <1055352036.2610.42.camel@tomlt2.tomloffice.austin.ibm.com> |
| References: | <1055352036.2610.42.camel@tomlt2.tomloffice.austin.ibm.com> |
| Sender: | netdev-bounce@xxxxxxxxxxx |
From: Tom Lendacky <toml@xxxxxxxxxx>
Date: 11 Jun 2003 12:20:33 -0500
As for the bug though, it appears that the "x->u.rt.fl = *fl"
statement shouldn't be performed in the IPv6 __xfrm6_bundle_create
function.
I have a better suggestion for fix:
1) Delete the "x->u.rt.fl = *fl;" line completely.
2) Fix the test in __xfrm6_find_bundle() to do a proper
prefix-mask based address comparison.
rt6->rt6i_{dst,src} are masked addresses, so direct
comparison is wrong.
Can someone code this up?
Thanks.
|
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| ||
| Previous by Date: | Re: [PATCH 2.5.70+] tun using alloc_netdev, David S. Miller |
|---|---|
| Next by Date: | Re: [patch]: CONFIG_IPV6_SUBTREES fix for MIPv6, Henrik Petander |
| Previous by Thread: | Re: IPSec: Policy dst bundles exhausting storage, Tom Lendacky |
| Next by Thread: | Re: IPSec: Policy dst bundles exhausting storage, Tom Lendacky |
| Indexes: | [Date] [Thread] [Top] [All Lists] |