netdev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Checking SPI in xfrm_state_find

from [Herbert Xu] [Permanent Link][Original]
To: Patrick McHardy <kaber@xxxxxxxxx>
Subject: Checking SPI in xfrm_state_find
From: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Date: Tue, 29 Mar 2005 09:39:17 +1000
Cc: "David S. Miller" <davem@xxxxxxxxxxxxx>, Alexey Kuznetsov <kuznet@xxxxxxxxxxxxx>, James Morris <jmorris@xxxxxxxxxx>, YOSHIFUJI Hideaki <yoshfuji@xxxxxxxxxxxxxx>, netdev@xxxxxxxxxxx
In-reply-to: <424864CE.5060802@trash.net>
References: <20050214221006.GA18415@gondor.apana.org.au> <20050214221200.GA18465@gondor.apana.org.au> <20050214221433.GB18465@gondor.apana.org.au> <20050214221607.GC18465@gondor.apana.org.au> <424864CE.5060802@trash.net>
Sender: netdev-bounce@xxxxxxxxxxx
User-agent: Mutt/1.5.6+20040907i 
On Mon, Mar 28, 2005 at 10:10:54PM +0200, Patrick McHardy wrote:
> 
> Something unrelated I was also wondering about, from xfrm_find_state():
> 
>         list_for_each_entry(x, xfrm_state_bydst+h, bydst) {
>                 if (x->props.family == family &&
>                     x->props.reqid == tmpl->reqid &&
>                     xfrm_state_addr_check(x, daddr, saddr, family) &&
>                     tmpl->mode == x->props.mode &&
>                     tmpl->id.proto == x->id.proto) {
> 
> Shouldn't we check for (tmpl->id.spi == x->id.spi || !tmpl->id.spi) ?

Absolutely.  We should also fix the larval state generation in that
same function to fail the operation if that SPI already exists.

Cheers,
-- 
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [PATCH: 2.6.12-rc1] mv643xx: ethernet driver updates, Dale Farnsworth
Next by Date:  mv643xx(1/20): Add mv643xx_enet support for PPC Pegasos platform, Dale Farnsworth
Previous by Thread:  Re: [IPSEC] Move xfrm_flush_bundles into xfrm_state GC, David S. Miller
Next by Thread:  Re: Checking SPI in xfrm_state_find, Patrick McHardy
Indexes:  [Date] [Thread] [Top] [All Lists]