From: "Timo Teräs" <timo.teras@iki.fi>
To: David Miller <davem@davemloft.net>
Cc: herbert@gondor.apana.org.au, netdev@vger.kernel.org
Subject: Re: [PATCH] af_key: parse and send SADB_X_EXT_NAT_T_OA extension
Date: Fri, 23 Jan 2009 08:18:33 +0200 [thread overview]
Message-ID: <49796139.3090605@iki.fi> (raw)
In-Reply-To: <20090121.222112.245293949.davem@davemloft.net>
David Miller wrote:
> From: Timo Teräs <timo.teras@iki.fi>
>> David Miller wrote:
>>> From: Timo Teräs <timo.teras@iki.fi>
>>>> Is there any particular reason why setting NAT-OA info should/
>>>> must be done using netlink? Or is this just a way to try to
>>>> put more pressure for the change to happen?
>>> Because it isn't deprecated if we keep adding features to it.
>> I would not consider this a new feature. It just makes pfkey
>> act consistently. If you don't want it supported, it'd make
>> more sense to not #define SADB_X_EXT_NAT_T_OA and drop all of
>> the verification code already present than to silently
>> ignore it. Make kernel return an error if some tried using it.
>
> Fair enough, sounds like a reasonable argument.
>
> Herbert what do you think? The proposal is that we just reflect the
> value we get, rather than acting upon it.
Going back to the original patch. Knowing that it's bad idea to
use it for my other purposes, I have no strong feelings to push
for this.
Then again, since as discussed earlier, encap_oa is not used for
anything (and never will be). It's just stored and given back if
requested, so this patch adds nothing new; it just stores and
gives the attribute back if the SA is dumped.
Do note that currently pfkey_msg2xfrm_state() currently allocates
xfrm_encap_tmpl with kmalloc() and leaves encap_oa uninitialized,
thus all SAs with NAT-T created via pfkey currently show random
crap in encap_oa when dumped via "ip xfrm state".
Also the patch I sent first should memset() the encap_oa if
SADB_X_EXT_NAT_T_OA is not present.
If you still consider that the copying of that extension is
inappropriate then maybe memset():ing the encap_oa to zero
would be acceptable?
Cheers,
Timo
next prev parent reply other threads:[~2009-01-23 6:18 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-01-21 7:34 [PATCH] af_key: parse and send SADB_X_EXT_NAT_T_OA extension Timo Teras
2009-01-21 22:33 ` Herbert Xu
2009-01-21 22:40 ` David Miller
2009-01-22 5:56 ` Timo Teräs
2009-01-22 6:03 ` David Miller
2009-01-22 6:14 ` Timo Teräs
2009-01-22 6:21 ` David Miller
2009-01-22 6:32 ` Herbert Xu
2009-01-22 6:39 ` Timo Teräs
2009-01-22 6:47 ` Herbert Xu
2009-01-22 6:54 ` Timo Teräs
2009-01-22 7:39 ` Herbert Xu
2009-01-22 8:31 ` Timo Teräs
2009-01-22 8:50 ` Herbert Xu
2009-01-22 9:24 ` Timo Teräs
2009-01-22 9:41 ` Herbert Xu
2009-01-22 10:00 ` Timo Teräs
2009-01-22 10:10 ` Herbert Xu
2009-01-23 6:18 ` Timo Teräs [this message]
2009-01-23 9:09 ` Herbert Xu
2009-01-22 6:22 ` Herbert Xu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=49796139.3090605@iki.fi \
--to=timo.teras@iki.fi \
--cc=davem@davemloft.net \
--cc=herbert@gondor.apana.org.au \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.