Re: when having to acquire an SA, ipsec drops the packet

netdev.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: David Miller <davem@davemloft.net>
To: vyekkirala@trustedcs.com
Cc: jmorris@namei.org, latten@austin.ibm.com, netdev@vger.kernel.org,
	paul.moore@hp.com, vyekkirala@tcsfw4.tcs-sec.com,
	herbert@gondor.apana.org.au
Subject: Re: when having to acquire an SA, ipsec drops the packet
Date: Mon, 05 Feb 2007 13:11:59 -0800 (PST)	[thread overview]
Message-ID: <20070205.131159.88703371.davem@davemloft.net> (raw)
In-Reply-To: <000701c74967$1ad9a9c0$cc0a010a@tcssec.com>

From: "Venkat Yekkirala" <vyekkirala@trustedcs.com>
Date: Mon, 5 Feb 2007 14:49:17 -0600

> > Something like this (untested) on the ipv4 side, for example:
> > 
> > diff --git a/include/net/route.h b/include/net/route.h
> > index 486e37a..a8af632 100644
> > --- a/include/net/route.h
> > +++ b/include/net/route.h
> > @@ -146,7 +146,8 @@ static inline char rt_tos2priority(u8 tos)
> >  
> >  static inline int ip_route_connect(struct rtable **rp, __be32 dst,
> >  				   __be32 src, u32 tos, int 
> > oif, u8 protocol,
> > -				   __be16 sport, __be16 dport, 
> > struct sock *sk)
> > +				   __be16 sport, __be16 dport, 
> > struct sock *sk,
> > +				   int flags)
> >  {
> >  	struct flowi fl = { .oif = oif,
> >  			    .nl_u = { .ip4_u = { .daddr = dst,
> > @@ -168,7 +169,7 @@ static inline int ip_route_connect(struct 
> > rtable **rp, __be32 dst,
> >  		*rp = NULL;
> >  	}
> >  	security_sk_classify_flow(sk, &fl);
> > -	return ip_route_output_flow(rp, &fl, sk, 0);
> > +	return ip_route_output_flow(rp, &fl, sk, 1);
> 
> I guess you meant to pass the new flags param to ip_route_output_flow here?

Yes I did, thanks for catching that.

commit a6886040ae6b8c9bfc811bd0dbdb47cfa3f2db29
Author: David S. Miller <davem@davemloft.net>
Date:   Mon Feb 5 13:11:42 2007 -0800

    [IPV4]: Fix thinko in ip_route_connect().
    
    The idea was the pass in the new "flags" parameter down
    to ip_route_output_flow().
    
    Noticed by Venkat Tekkirala.
    
    Signed-off-by: David S. Miller <davem@davemloft.net>

diff --git a/include/net/route.h b/include/net/route.h
index a8af632..1440bdb 100644
--- a/include/net/route.h
+++ b/include/net/route.h
@@ -169,7 +169,7 @@ static inline int ip_route_connect(struct rtable **rp, __be32 dst,
 		*rp = NULL;
 	}
 	security_sk_classify_flow(sk, &fl);
-	return ip_route_output_flow(rp, &fl, sk, 1);
+	return ip_route_output_flow(rp, &fl, sk, flags);
 }
 
 static inline int ip_route_newports(struct rtable **rp, u8 protocol,

next prev parent reply	other threads:[~2007-02-05 21:12 UTC|newest]

Thread overview: 17+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2007-02-01 22:51 when having to acquire an SA, ipsec drops the packet Joy Latten
2007-02-01 23:44 ` James Morris
2007-02-02 15:30   ` Paul Moore
2007-02-05  4:53   ` David Miller
2007-02-05 16:33     ` James Morris
2007-02-05 20:34       ` James Morris
2007-02-05 21:07         ` David Miller
2007-02-05 20:49     ` Venkat Yekkirala
2007-02-05 21:11       ` David Miller [this message]
2007-02-05 20:53     ` Joy Latten
2007-02-05 21:13       ` David Miller
2007-02-05 20:52   ` Joy Latten
  -- strict thread matches above, loose matches on Subject: below --
2007-02-07 16:33 Joy Latten
2007-03-06  1:47 Joy Latten
2007-03-06  3:21 ` James Morris
2007-03-06 17:14   ` Joy Latten
2007-03-06 19:40     ` James Morris

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:a8af632 dfblob:1440bdb )
 OR (
bs:"Re: when having to acquire an SA, ipsec drops the packet" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20070205.131159.88703371.davem@davemloft.net \
    --to=davem@davemloft.net \
    --cc=herbert@gondor.apana.org.au \
    --cc=jmorris@namei.org \
    --cc=latten@austin.ibm.com \
    --cc=netdev@vger.kernel.org \
    --cc=paul.moore@hp.com \
    --cc=vyekkirala@tcsfw4.tcs-sec.com \
    --cc=vyekkirala@trustedcs.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).