From: Fan Du <fan.du@windriver.com>
To: Steffen Klassert <steffen.klassert@secunet.com>
Cc: <davem@davemloft.net>, <netdev@vger.kernel.org>
Subject: Re: [PATCH net-next 2/3] xfrm: clamp down spi range for IPComp when allocating spi
Date: Mon, 9 Dec 2013 17:58:49 +0800 [thread overview]
Message-ID: <52A59459.1010102@windriver.com> (raw)
In-Reply-To: <20131209095133.GK31491@secunet.com>
On 2013年12月09日 17:51, Steffen Klassert wrote:
> On Mon, Dec 09, 2013 at 05:13:52PM +0800, Fan Du wrote:
>>
>>
>> On 2013年12月09日 16:57, Steffen Klassert wrote:
>>>
>>> Instead of doing this check here again, we should implement an equivalent
>>> to verify_userspi_info() for pfkey. Then we are sure to have a valid range
>>> in any case.
>>>
>>
>> How about export an common function in xfrm_state.c to check this corner case?
>> This could be shared by both netlink and pfkey interface, and verify_userspi_info
>> simplified also?
>>
>> int check_ipcomp_spirange(u8 proto, u32 high)
>> {
>> if ((proto == IPPROTO_COMP)&& (high> 0xFFFF))
>> return -EINVAL;
>> else return 0;
>> }
>> EXPORT_SYMBOL(check_ipcomp_spirange);
>
> I don't think that we should export such a function,
> it is not sufficient.
>
> The netlink interface is ok, it does verify_userspi_info(),
> and the pfkey interface need all the checks done in
> verify_userspi_info() too. In particular the check if
> the minimum spi value is not bigger than the maximum.
>
> So we could either make verify_userspi_info() shared,
Ok, I will try to export verify_userspi_info then.
Is there any comments on patch3/3 before I make v2?
--
浮沉随浪只记今朝笑
--fan
next prev parent reply other threads:[~2013-12-09 9:59 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-11-28 2:52 [PATCH net-next 0/3] IPComp fixes Fan Du
2013-11-28 2:52 ` [PATCH net-next 1/3] xfrm: check user specified spi for IPComp Fan Du
2013-12-06 11:44 ` Steffen Klassert
2013-11-28 2:52 ` [PATCH net-next 2/3] xfrm: clamp down spi range for IPComp when allocating spi Fan Du
2013-12-06 11:42 ` Steffen Klassert
2013-12-09 6:27 ` Fan Du
2013-12-09 8:57 ` Steffen Klassert
2013-12-09 9:13 ` Fan Du
2013-12-09 9:51 ` Steffen Klassert
2013-12-09 9:58 ` Fan Du [this message]
2013-11-28 2:52 ` [PATCH net-next 3/3] xfrm: Restrict "level use" for IPComp configuration Fan Du
2013-12-09 10:38 ` Steffen Klassert
2013-12-10 2:39 ` Fan Du
2013-12-10 13:11 ` Steffen Klassert
2013-12-13 9:16 ` Fan Du
2013-12-06 9:58 ` [PATCH net-next 0/3] IPComp fixes Fan Du
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=52A59459.1010102@windriver.com \
--to=fan.du@windriver.com \
--cc=davem@davemloft.net \
--cc=netdev@vger.kernel.org \
--cc=steffen.klassert@secunet.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.