Re: [PATCH] xfrm ip6ip6 - David S. Miller

netdev.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: "David S. Miller" <davem@redhat.com>
To: mk@linux-ipv6.org
Cc: jmorris@intercode.com.au, kuznet@ms2.inr.ac.ru,
	netdev@oss.sgi.com, usagi@linux-ipv6.org
Subject: Re: [PATCH] xfrm ip6ip6
Date: Sun, 01 Jun 2003 01:30:40 -0700 (PDT)	[thread overview]
Message-ID: <20030601.013040.116362760.davem@redhat.com> (raw)
In-Reply-To: <87fzmv5ejc.wl@karaba.org>

   From: Mitsuru KANDA / 神田 充 <mk@linux-ipv6.org>
   Date: Sun, 01 Jun 2003 00:20:07 +0900

Hello Mitsuru-san!

   +	t->id.spi = xfrm6_tunnel_addr_hash((xfrm_address_t *)&x->props.saddr);

You misunderstood what I tried to explain to you.

Consider, how do you guarentee that this t->id.spi value is unique
across all xfrm6_tunnel tunnels using the same t->id.daddr and
t->id.prot?  The answer is that you cannot.

You must generate fake "spi" values, they have no meaning outside of
xfrm6_tunnel.c They serve purpose only to map 128-bit ipv6 address to
32-bit "xfrm6_tunnel" SPI value.

I would suggest following implementation:

1) Implement something similar to xfrm_alloc_spi(t, 1, ~(u32)0)

   It just needs to allocate unique SPI numbers local to
   xfrm6_tunnel.c   We mark "SPI" value zero as reserved and
   to indicate failed lookup.

2) Create hash table, it is keyed by ipv6 address and hash table
   entries give SPI values.

So on input you would say something like:

	u32 spi;

	spi = spihash_lookup(&iph->saddr);
	if (!spi)
		goto drop;
	x = xfrm_state_lookup((xfrm_address_t *)&iph->daddr, spi,
			      IPPROTO_IPV6, AF_INET6);

Is the idea more clear now?

Once you fix this up I'll apply your xfrm6_tunnel.c work.

Thank you.

next prev parent reply	other threads:[~2003-06-01  8:30 UTC|newest]

Thread overview: 11+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2003-05-31 15:20 [PATCH] xfrm ip6ip6 Mitsuru KANDA / 神田 充
2003-05-31 16:01 ` James Morris
2003-06-01  8:34   ` David S. Miller
2003-05-31 16:06 ` James Morris
2003-06-01  8:30 ` David S. Miller [this message]
2003-06-13 16:03   ` [PATCH] xfrm ip6ip6 (revised) Mitsuru KANDA / 神田 充
2003-06-13 16:11     ` YOSHIFUJI Hideaki / 吉藤英明
2003-06-13 16:13       ` YOSHIFUJI Hideaki / 吉藤英明
2003-06-13 18:08         ` Ville Nuorvala
2003-06-13 19:07     ` David S. Miller
2003-06-13 19:19       ` David S. Miller

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20030601.013040.116362760.davem@redhat.com \
    --to=davem@redhat.com \
    --cc=jmorris@intercode.com.au \
    --cc=kuznet@ms2.inr.ac.ru \
    --cc=mk@linux-ipv6.org \
    --cc=netdev@oss.sgi.com \
    --cc=usagi@linux-ipv6.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).