| To: | Martin Bouzek <martin.bouzek@xxxxxxxxxxxx> |
|---|---|
| Subject: | Re: Minor IPSec bug + solution |
| From: | Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> |
| Date: | Fri, 17 Sep 2004 20:27:20 +1000 |
| Cc: | Linux Kernel <linux-kernel@xxxxxxxxxxxxxxx>, davem@xxxxxxxxxxxxx, netdev@xxxxxxxxxxx |
| In-reply-to: | <1095413173.2708.106.camel@mabouzek> |
| References: | <E1C83f1-0002X7-00@gondolin.me.apana.org.au> <1095413173.2708.106.camel@mabouzek> |
| Sender: | netdev-bounce@xxxxxxxxxxx |
| User-agent: | Mutt/1.5.6+20040722i |

On Fri, Sep 17, 2004 at 11:26:13AM +0200, Martin Bouzek wrote:
>
> > > function. For tunnels it returns
> > >
> > > tmpl->optional && !xfrm_state_addr_cmp(tmpl, x, family);
>
> Well, I am not experienced with the networking kernel code,
> nevertheless I still think the check is not correct.

If you change the && to ||, then an ESP tunnel SA marked as required
can be matched by a simple IPIP SA with the same addresses.
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
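
A simplified user-space model of the check discussed in this message, added here as an illustration; it is not kernel code and not code from the thread. The struct layouts, the `plain_tunnel` flag, the non-tunnel matching path and the convention that the address compare returns 0 on a match (consistent with the `!` in the quoted expression) are assumptions.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Simplified stand-ins for the kernel's template and state. Every field
 * name except `optional` is an assumption made for this model. */
struct tmpl  { int proto; bool optional;     const char *saddr, *daddr; };
struct state { int proto; bool plain_tunnel; const char *saddr, *daddr; };

enum { PROTO_IPIP = 4, PROTO_ESP = 50 };   /* IANA protocol numbers */

/* Assumed convention: returns 0 when both addresses match. */
static int addr_cmp(const struct tmpl *t, const struct state *x)
{
    return strcmp(t->saddr, x->saddr) || strcmp(t->daddr, x->daddr);
}

/* The check as quoted: a plain tunnel state satisfies a template only
 * when the template is optional AND the addresses match. */
static bool state_ok_and(const struct tmpl *t, const struct state *x)
{
    if (x->plain_tunnel)
        return t->optional && !addr_cmp(t, x);
    return x->proto == t->proto && !addr_cmp(t, x); /* assumed path */
}

/* The variant under discussion, with && replaced by ||. */
static bool state_ok_or(const struct tmpl *t, const struct state *x)
{
    if (x->plain_tunnel)
        return t->optional || !addr_cmp(t, x);
    return x->proto == t->proto && !addr_cmp(t, x); /* assumed path */
}

/* Constructed sample data (documentation addresses). */
static const struct tmpl  esp_required = { PROTO_ESP,  false, "192.0.2.1", "192.0.2.2" };
static const struct state ipip_same    = { PROTO_IPIP, true,  "192.0.2.1", "192.0.2.2" };
static const struct state esp_same     = { PROTO_ESP,  false, "192.0.2.1", "192.0.2.2" };

int main(void)
{
    printf("&&: ESP SA ok=%d, IPIP SA ok=%d\n",
           state_ok_and(&esp_required, &esp_same),
           state_ok_and(&esp_required, &ipip_same));
    printf("||: ESP SA ok=%d, IPIP SA ok=%d\n",
           state_ok_or(&esp_required, &esp_same),
           state_ok_or(&esp_required, &ipip_same));
    return 0;
}
```

With `||`, the required ESP template is satisfied by the unencrypted IPIP state purely because the addresses are equal, which is the case the reply describes.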