From: David Miller <davem@davemloft.net>
To: latten@austin.ibm.com
Cc: netdev@vger.kernel.org, jookos@gmail.com
Subject: Re: ipsec not working in 2.6.23-rc1-git10 when using pfkey
Date: Thu, 02 Aug 2007 15:01:14 -0700 (PDT) [thread overview]
Message-ID: <20070802.150114.66056548.davem@davemloft.net> (raw)
In-Reply-To: <200708021858.l72IwbhE018683@faith.austin.ibm.com>
From: Joy Latten <latten@austin.ibm.com>
Date: Thu, 2 Aug 2007 13:58:38 -0500
> Although an ipsec SA was established, kernel couldn't seem to find it.
>
> I think since we are now using "x->sel.family" instead of "family"
> in the xfrm_selector_match() called in xfrm_state_find(), af_key
> needs to set this field too, just as xfrm_user.
>
> In af_key.c, x->sel.family only gets set when there's an
> ext_hdrs[SADB_EXT_ADDRESS_PROXY-1] which I think is for tunnel.
>
> I think pfkey needs to also set the x->sel.family field when it is 0.
Thanks for finding this bug Joy.
It basically proves that this inner address change was %100 not tested
in any reasonable way by the patch submitter.
Originally Herbert and I thought I only saw problems because XFRM_USER
cases such as openswan did not set the x->sel.family field, but now
that we see that PF_KEY also has the same exact problem and as a
result I am very annoyed.
Joakim, TEST YOUR PATCHES, and not just with your BEET test cases,
before submitting them in the future. Having normal configurations of
both PF_KEY and XFRM_USER ipsec totally break as a result of your
changes is totally unacceptable and I will doubly scrutinize your
patch submissions in the future because of what has happened here.
Thanks.
next prev parent reply other threads:[~2007-08-02 22:01 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-08-02 18:58 ipsec not working in 2.6.23-rc1-git10 when using pfkey Joy Latten
2007-08-02 22:01 ` David Miller [this message]
2007-08-06 6:45 ` Joakim Koskela
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20070802.150114.66056548.davem@davemloft.net \
--to=davem@davemloft.net \
--cc=jookos@gmail.com \
--cc=latten@austin.ibm.com \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox