From: David Miller <davem@davemloft.net>
To: joakim.koskela@hiit.fi
Cc: netdev@vger.kernel.org
Subject: Re: [PATCH net-2.6.23-rc5] ipsec interfamily route handling fix
Date: Fri, 14 Sep 2007 13:42:52 -0700 (PDT) [thread overview]
Message-ID: <20070914.134252.112612041.davem@davemloft.net> (raw)
In-Reply-To: <200709061900.10508.joakim.koskela@hiit.fi>
From: Joakim Koskela <joakim.koskela@hiit.fi>
Date: Thu, 6 Sep 2007 19:00:10 +0300
> This patch addresses a couple of issues related to interfamily ipsec
> modes. The problem is that the structure of the routing info changes
> with the family during the __xfrmX_bundle_create, which hasn't been
> taken properly into account. Seems that by coincidence it hasn't
> caused problems on 32bit platforms, but crashes for example on x86_64
> in 6-4 around line 209 of xfrm6_policy.c as rt doesn't point to a
> rt6_info anymore, but actually a struct rtable. With 64bit pointers,
> the rt->rt6i_node pointer seems to hit something usually not null in
> the rtable that rt now points to, making it go for the path_cookie
> assignment and subsequently crashing.
>
> Tested on both 32/64bit with all four (44/46/64/66) combinations of
> transformation. I'm still a bit worried about how for example nested
> transformations work with all of this and would appreciate if someone
> more familiar with the details of these structs could comment.
>
> Signed-off-by: Joakim Koskela <jookos@gmail.com>
Since nobody else found time to review this, I did :-)
It's line wrapped so doesn't apply cleanly, but it has technical
issues too.
It sets encap_type in the inner loop, but what if we find multiple
entries some ipv4 and some ipv6? This logic can't be right.
Instead, we need to treat these objects on an individual basis, I
think, and that requires a bit more changes.
These tunnel handling code blocks are getting messy, perhaps it's
time for a little bit of indirection based upon AF type?
next prev parent reply other threads:[~2007-09-14 20:43 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-09-06 16:00 [PATCH net-2.6.23-rc5] ipsec interfamily route handling fix Joakim Koskela
2007-09-12 12:46 ` David Miller
2007-09-14 20:42 ` David Miller [this message]
2007-10-11 8:53 ` Joakim Koskela
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20070914.134252.112612041.davem@davemloft.net \
--to=davem@davemloft.net \
--cc=joakim.koskela@hiit.fi \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox