netdev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [PATCH 3/3 XFRM]: Fix invalid key for lookup of cached bundles

from [Patrick McHardy] [Permanent Link][Original]
To: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Subject: Re: [PATCH 3/3 XFRM]: Fix invalid key for lookup of cached bundles
From: Patrick McHardy <kaber@xxxxxxxxx>
Date: Mon, 07 Mar 2005 02:41:30 +0100
Cc: davem@xxxxxxxxxxxxx, netdev@xxxxxxxxxxx
In-reply-to: <20050307012458.GA4335@gondor.apana.org.au>
References: <E1D7t0w-0008Qa-00@gondolin.me.apana.org.au> <422AF8D0.3010905@trash.net> <20050307012458.GA4335@gondor.apana.org.au>
Sender: netdev-bounce@xxxxxxxxxxx
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.7.5) Gecko/20050106 Debian/1.7.5-1
Herbert Xu wrote: 
On Sun, Mar 06, 2005 at 01:34:24PM +0100, Patrick McHardy wrote:

How about this one ? It keeps the DST_XFRM_TUNNEL flag and sets it on
the first xfrm_dst in a bundle. I know it doesn't really belong there,



Actually, why do we need to treat tunnel mode differently here?
In other words, why not just do the mark/tos checks unconditionally.

Forwarded packets don't get a proper tos/mark setting for IPsec
but that's a bug in itself.


Mainly to avoid excessive long lists of cached bundles in tunnel
mode. The use of a single list for the cache is questionable, but
the patch was supposed to fix a different issue. Restricting use
of tos/mark to transport mode avoids having exploding lists that
are easily remotely triggerable.

Regards
Patrick

[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [PATCH 3/3 XFRM]: Fix invalid key for lookup of cached bundles, Herbert Xu
Next by Date:  Re: [PATCH 3/3 XFRM]: Fix invalid key for lookup of cached bundles, Herbert Xu
Previous by Thread:  Re: [PATCH 3/3 XFRM]: Fix invalid key for lookup of cached bundles, Herbert Xu
Next by Thread:  Re: [PATCH 3/3 XFRM]: Fix invalid key for lookup of cached bundles, Herbert Xu
Indexes:  [Date] [Thread] [Top] [All Lists]