netdev
[Top] [All Lists]

Re: Checking SPI in xfrm_state_find

To: Patrick McHardy <kaber@xxxxxxxxx>
Subject: Re: Checking SPI in xfrm_state_find
From: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Date: Thu, 31 Mar 2005 10:46:58 +1000
Cc: "David S. Miller" <davem@xxxxxxxxxxxxx>, Alexey Kuznetsov <kuznet@xxxxxxxxxxxxx>, James Morris <jmorris@xxxxxxxxxx>, YOSHIFUJI Hideaki <yoshfuji@xxxxxxxxxxxxxx>, netdev@xxxxxxxxxxx
In-reply-to: <424B40C2.90304@xxxxxxxxx>
References: <20050214221006.GA18415@xxxxxxxxxxxxxxxxxxx> <20050214221200.GA18465@xxxxxxxxxxxxxxxxxxx> <20050214221433.GB18465@xxxxxxxxxxxxxxxxxxx> <20050214221607.GC18465@xxxxxxxxxxxxxxxxxxx> <424864CE.5060802@xxxxxxxxx> <20050328233917.GB15369@xxxxxxxxxxxxxxxxxxx> <424B40C2.90304@xxxxxxxxx>
Sender: netdev-bounce@xxxxxxxxxxx
User-agent: Mutt/1.5.6+20040907i
On Thu, Mar 31, 2005 at 02:13:54AM +0200, Patrick McHardy wrote:
>
> Thanks, both done by these two patches.

Great.

> # This is a BitKeeper generated diff -Nru style patch.
> #
> # ChangeSet
> #   2005/03/30 06:02:45+02:00 kaber@xxxxxxxxxxxx 
> #   [IPSEC]: Check SPI in xfrm_state_find()
> #   
> #   Signed-off-by: Patrick McHardy <kaber@xxxxxxxxx>

Looks good.

Signed-off-by: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>

> # This is a BitKeeper generated diff -Nru style patch.
> #
> # ChangeSet
> #   2005/03/31 02:07:54+02:00 kaber@xxxxxxxxxxxx 
> #   [IPSEC]: Check if SPI exists before creating acquire state
> #   
> #   Signed-off-by: Patrick McHardy <kaber@xxxxxxxxx>
>  
>       x = best;
> -     if (!x && !error && !acquire_in_progress &&
> -         ((x = xfrm_state_alloc()) != NULL)) {
> +     if (!x && !error && !acquire_in_progress) {
> +             x0 = afinfo->state_lookup(&tmpl->id.daddr, tmpl->id.spi, 
> tmpl->id.proto);

It just occured to me that it would be much simpler if you did the
existence check in the first loop.

So something like

                if (x->props.family != family ||
                    !xfrm_state_addr_check(x, daddr, saddr, family) ||
                    tmpl->id.proto == x->id.proto)
                        continue;
                if (tmpl->id.spi) {
                        if (tmpl->id.spi != x->id.spi)
                                continue;
                        error = -EEXIST;
                }
                if (x->props.reqid == tmpl->reqid &&
                    tmpl->mode == x->props.mode) {
                }

Cheers,
-- 
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

<Prev in Thread] Current Thread [Next in Thread>