Re: [Openswan dev] ip xfrm bug

Re: [Openswan dev] ip xfrm bug

[Herbert Xu]

On Fri, Dec 14, 2007 at 11:21:18AM -0800, Stephen Hemminger wrote:
>
> I can see where to filter these, but I am ignorant of how to
> identify the socket policies. Are they just marked as sub-policies?

Jamal's going to hate me but setkey(8) already uses this so we're
stuck with it anyway.

The test is

	up->index % 8 >= 3

This is true iff it's a socket policy.

Cheers,
-- 
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

Re: ip xfrm bug

[jamal]

On Sun, 2007-16-12 at 15:43 +0800, Herbert Xu wrote:

> Jamal's going to hate me but setkey(8) already uses this so we're
> stuck with it anyway.
> 
> The test is
> 
> 	up->index % 8 >= 3
> 
> This is true iff it's a socket policy.

I would have loved it if user space had a say ;-> 
In the case of tc actions for example; the (table) index abides to the
following rules:

 if user space specified one in rule insertion then {
     if available, use the allowed entry {
     } else if inuse {
         if replace flag is set then {
            replace
        } else {
         return error
     }
  } else {
   grab the next available index
  }

makes management from user space much simpler.

cheers,
jamal