Netdev List
 help / color / mirror / Atom feed
From: David Miller <davem@davemloft.net>
To: latten@austin.ibm.com
Cc: netdev@vger.kernel.org, jookos@gmail.com
Subject: Re: ipsec not working in 2.6.23-rc1-git10 when using pfkey
Date: Thu, 02 Aug 2007 15:01:14 -0700 (PDT)	[thread overview]
Message-ID: <20070802.150114.66056548.davem@davemloft.net> (raw)
In-Reply-To: <200708021858.l72IwbhE018683@faith.austin.ibm.com>

From: Joy Latten <latten@austin.ibm.com>
Date: Thu, 2 Aug 2007 13:58:38 -0500

> Although an ipsec SA was established, kernel couldn't seem to find it.
> 
> I think since we are now using "x->sel.family" instead of "family" 
> in the  xfrm_selector_match() called in xfrm_state_find(), af_key 
> needs to set this field too, just as xfrm_user. 
> 
> In af_key.c, x->sel.family only gets set when there's an 
> ext_hdrs[SADB_EXT_ADDRESS_PROXY-1] which I think is for tunnel.
> 
> I think pfkey needs to also set the x->sel.family field when it is 0.

Thanks for finding this bug Joy.

It basically proves that this inner address change was %100 not tested
in any reasonable way by the patch submitter.

Originally Herbert and I thought I only saw problems because XFRM_USER
cases such as openswan did not set the x->sel.family field, but now
that we see that PF_KEY also has the same exact problem and as a
result I am very annoyed.

Joakim, TEST YOUR PATCHES, and not just with your BEET test cases,
before submitting them in the future.  Having normal configurations of
both PF_KEY and XFRM_USER ipsec totally break as a result of your
changes is totally unacceptable and I will doubly scrutinize your
patch submissions in the future because of what has happened here.

Thanks.

  reply	other threads:[~2007-08-02 22:01 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2007-08-02 18:58 ipsec not working in 2.6.23-rc1-git10 when using pfkey Joy Latten
2007-08-02 22:01 ` David Miller [this message]
2007-08-06  6:45   ` Joakim Koskela

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20070802.150114.66056548.davem@davemloft.net \
    --to=davem@davemloft.net \
    --cc=jookos@gmail.com \
    --cc=latten@austin.ibm.com \
    --cc=netdev@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox