Re: Checking SPI in xfrm_state_find

[Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>]

On Thu, Mar 31, 2005 at 02:13:54AM +0200, Patrick McHardy wrote:
>
> Thanks, both done by these two patches.

Great.

> # This is a BitKeeper generated diff -Nru style patch.
> #
> # ChangeSet
> #   2005/03/30 06:02:45+02:00 kaber@xxxxxxxxxxxx 
> #   [IPSEC]: Check SPI in xfrm_state_find()
> #   
> #   Signed-off-by: Patrick McHardy <kaber@xxxxxxxxx>

Looks good.

Signed-off-by: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>

> # This is a BitKeeper generated diff -Nru style patch.
> #
> # ChangeSet
> #   2005/03/31 02:07:54+02:00 kaber@xxxxxxxxxxxx 
> #   [IPSEC]: Check if SPI exists before creating acquire state
> #   
> #   Signed-off-by: Patrick McHardy <kaber@xxxxxxxxx>
>  
>       x = best;
> -     if (!x && !error && !acquire_in_progress &&
> -         ((x = xfrm_state_alloc()) != NULL)) {
> +     if (!x && !error && !acquire_in_progress) {
> +             x0 = afinfo->state_lookup(&tmpl->id.daddr, tmpl->id.spi, 
> tmpl->id.proto);

It just occured to me that it would be much simpler if you did the
existence check in the first loop.

So something like

                if (x->props.family != family ||
                    !xfrm_state_addr_check(x, daddr, saddr, family) ||
                    tmpl->id.proto == x->id.proto)
                        continue;
                if (tmpl->id.spi) {
                        if (tmpl->id.spi != x->id.spi)
                                continue;
                        error = -EEXIST;
                }
                if (x->props.reqid == tmpl->reqid &&
                    tmpl->mode == x->props.mode) {
                }

Cheers,
-- 
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt