From: Mitsuru KANDA / 神田 充 <mk@xxxxxxxxxxxxxx>
Date: Sun, 01 Jun 2003 00:20:07 +0900
Hello Mitsuru-san!
+ t->id.spi = xfrm6_tunnel_addr_hash((xfrm_address_t *)&x->props.saddr);
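Review bot: t->id.spi is assigned straight from xfrm6_tunnel_addr_hash() of x->props.saddr, which reduces a 128-bit address to a 32-bit value, so two different source addresses can end up with the same SPI and nothing on this line detects that. Suggest assigning an allocated value that has been checked for uniqueness, and using the address hash only to locate the entry that stores it.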
You misunderstood what I tried to explain to you.
Consider, how do you guarantee that this t->id.spi value is unique
across all xfrm6_tunnel tunnels using the same t->id.daddr and
t->id.prot? The answer is that you cannot.
You must generate fake "spi" values, they have no meaning outside of
xfrm6_tunnel.c. They serve only to map a 128-bit ipv6 address to a
32-bit "xfrm6_tunnel" SPI value.
I would suggest the following implementation:

1) Implement something similar to xfrm_alloc_spi(t, 1, ~(u32)0)
   It just needs to allocate unique SPI numbers local to
   xfrm6_tunnel.c. We mark "SPI" value zero as reserved and
   to indicate failed lookup.

2) Create a hash table, it is keyed by ipv6 address and hash table
   entries give SPI values.

So on input you would say something like:

	u32 spi;

	spi = spihash_lookup(&iph->saddr);
	if (!spi)
		goto drop;
	x = xfrm_state_lookup((xfrm_address_t *)&iph->daddr, spi,
			      IPPROTO_IPV6, AF_INET6);

Is the idea more clear now?
Once you fix this up I'll apply your xfrm6_tunnel.c work.
Thank you.
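
The two-step scheme proposed in the message above (allocate unique local SPI values with zero reserved, then key a hash table by IPv6 address), written as user-space C. This is an added example, not code from the message or from xfrm6_tunnel.c. Only the name spihash_lookup comes from the message; spihash_alloc, struct spi_entry, the bucket count and the XOR bucket function are assumptions for illustration, and there is no locking or entry removal.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define SPI_BUCKETS 4   /* assumed size; tiny on purpose so buckets collide */

struct spi_entry {
    uint8_t addr[16];           /* 128-bit IPv6 address, the lookup key */
    uint32_t spi;               /* locally allocated value, never 0 */
    struct spi_entry *next;     /* chain of entries sharing a bucket */
};

static struct spi_entry *spi_table[SPI_BUCKETS];
static uint32_t spi_last;       /* last value handed out; 0 means none yet */

static unsigned addr_bucket(const uint8_t *a)
{
    unsigned h = 0;
    for (int i = 0; i < 16; i++)
        h ^= a[i];              /* weak hash: only picks the bucket */
    return h % SPI_BUCKETS;
}

/* Return the SPI mapped to addr, or 0 (reserved) when there is no mapping. */
uint32_t spihash_lookup(const uint8_t *addr)
{
    for (struct spi_entry *e = spi_table[addr_bucket(addr)]; e; e = e->next)
        if (memcmp(e->addr, addr, 16) == 0)   /* compare the full address */
            return e->spi;
    return 0;
}

/* Return the existing SPI for addr or allocate a fresh one; 0 on failure. */
uint32_t spihash_alloc(const uint8_t *addr)
{
    uint32_t spi = spihash_lookup(addr);
    unsigned b = addr_bucket(addr);
    struct spi_entry *e;
    if (spi)
        return spi;
    if (spi_last == UINT32_MAX || !(e = malloc(sizeof(*e))))
        return 0;               /* never wrap to 0 or reuse a value */
    memcpy(e->addr, addr, 16);
    e->spi = ++spi_last;        /* unique because the counter only grows */
    e->next = spi_table[b];
    spi_table[b] = e;
    return e->spi;
}
```

Uniqueness comes from the counter, not from the hash: two addresses that land in the same bucket still receive different SPI values, and a lookup only succeeds on a full 16-byte match.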