From mboxrd@z Thu Jan 1 00:00:00 1970
From: Vlad Yasevich
Date: Thu, 28 Jan 2010 16:36:33 +0000
Subject: Re: [PATCH] sctp: IPsec rules are ineffective with ipv6
Message-Id: <4B61BD11.5020303@hp.com>
List-Id:
References: <4B6049EB.8030803@dev.6wind.com> <20100128.055148.127214200.davem@davemloft.net> <4B61AC22.2050907@hp.com> <4B61B047.10908@dev.6wind.com>
In-Reply-To: <4B61B047.10908@dev.6wind.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
To: nicolas.dichtel@dev.6wind.com
Cc: David Miller, netdev@vger.kernel.org, linux-sctp@vger.kernel.org

Nicolas Dichtel wrote:
> What about this one?
>
> Only compilation tested.
>
> xfrm_lookup() is missing in IPv6 output path. Call it when dst is built.
> Initial patch was written by Junwei Zhang
>
> Signed-off-by: Nicolas Dichtel

Looks like it might do the right thing. Please run your tests on this and let me know.

Thanks
-vlad

>
> On 28.01.2010 16:24, Vlad Yasevich wrote:
>>
>> David Miller wrote:
>>> From: Nicolas Dichtel
>>> Date: Wed, 27 Jan 2010 15:12:59 +0100
>>>
>>>> xfrm_lookup() is missing in sctp_v6_xmit(), add it.
>>>>
>>>> Signed-off-by: Junwei Zhang
>>>> Signed-off-by: Nicolas Dichtel
>>> Doing this every transmit packet is overkill.
>>>
>>> Whatever calculates the route that ends up in skb_dst(skb)
>>> should be making this xfrm_lookup() call, not here.
>>>
>>
>>
>> Hmm.. Interesting. Looks like ip_route_output_key() will
>> do xfrm_lookup for you, but there is no ipv6 route lookup call
>> that will do the same thing.
>>
>> I guess we'll need to add an xfrm_lookup call in sctp_v6_get_dst().
>>
>> -vlad
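
A check for the failure this thread is about, as an added example that is not code from the thread or from the kernel: given captured IPv6 packets between two hosts that an IPsec policy should cover, it walks the header chain and flags SCTP (next header 132) that left without ESP or AH. The function name, the verdict names and the sample packets are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Verdict names are hypothetical, chosen for this example. */
enum verdict { V_MALFORMED = -1, V_OTHER = 0, V_IPSEC = 1, V_CLEAR_SCTP = 2 };

/* Walk one captured IPv6 packet's header chain. Reaching SCTP (132) before
 * ESP (50) or AH (51) means the packet was sent without an IPsec transform. */
enum verdict classify_ipv6(const uint8_t *p, size_t len)
{
    if (len < 40 || (p[0] >> 4) != 6) return V_MALFORMED;
    uint8_t nh = p[6];                 /* Next Header in the fixed header */
    size_t off = 40, hlen;
    for (;;) {
        switch (nh) {
        case 50: case 51:  return V_IPSEC;
        case 132:          return V_CLEAR_SCTP;
        case 0: case 43: case 60:      /* hop-by-hop, routing, dest options */
            if (off + 2 > len) return V_MALFORMED;
            hlen = ((size_t)p[off + 1] + 1) * 8;
            break;
        case 44:                       /* fragment header, always 8 bytes */
            if (off + 8 > len) return V_MALFORMED;
            if (((p[off + 2] << 8) | p[off + 3]) & 0xfff8)
                return V_OTHER;        /* non-first fragment: payload unknown */
            hlen = 8;
            break;
        default:           return V_OTHER;
        }
        if (off + hlen > len) return V_MALFORMED;
        nh = p[off];                   /* next header type of this extension */
        off += hlen;
    }
}

/* Constructed sample packets (addresses left as zeros). */
static const uint8_t pkt_clear[52]  = { [0] = 0x60, [5] = 12, [6] = 132, [7] = 64 };
static const uint8_t pkt_esp[48]    = { [0] = 0x60, [5] = 8,  [6] = 50,  [7] = 64 };
/* Destination-options header (8 bytes, PadN) in front of cleartext SCTP. */
static const uint8_t pkt_dstopt[60] = { [0] = 0x60, [5] = 20, [6] = 60, [7] = 64,
                                        [40] = 132, [41] = 0, [42] = 1, [43] = 4 };

int main(void)
{
    printf("clear=%d esp=%d dstopt=%d\n", classify_ipv6(pkt_clear, sizeof pkt_clear),
           classify_ipv6(pkt_esp, sizeof pkt_esp), classify_ipv6(pkt_dstopt, sizeof pkt_dstopt));
    return 0;
}
```

Any `V_CLEAR_SCTP` verdict on a flow that a configured policy should protect indicates that the output path skipped the transform lookup.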