netdev.vger.kernel.org archive mirror
From: Herbert Xu <herbert@gondor.apana.org.au>
To: Al Viro <viro@ZenIV.linux.org.uk>
Cc: David Miller <davem@davemloft.net>, netdev@vger.kernel.org
Subject: Re: xfrm_input() and ->seq oddities
Date: Mon, 4 Feb 2008 09:00:27 +1100
Message-ID: <20080203220027.GA11641@gondor.apana.org.au>
In-Reply-To: <20080203110444.GR27894@ZenIV.linux.org.uk>

On Sun, Feb 03, 2008 at 11:04:44AM +0000, Al Viro wrote:
>
> So what you are saying is
> 	* callers of xfrm_input_resume() are in callbacks that couldn't
> have been set other than from esp_input()/esp6_input()
> 	* these two could have only been called via ->type->input()
> 	* ->type->input() is called from xfrm_input(), immediately after
> having set ->seq.input, *or* from xfrm6_input_addr().  The former is safe.
> 	* xfrm6_input_addr() calls ->type->input() of object it gets from
> xfrm_state_lookup_byaddr().  The protocol number passed to the latter comes
> from xfrm6_input_addr() argument.
> 	* the protocol numbers given to xfrm6_input_addr() by its callers
> are IPPROTO_DSTOPTS and IPPROTO_ROUTING resp; ->input() instances in their
> xfrm_type do *not* set callbacks that could lead to xfrm_input_resume(),
> so we are safe.

This doesn't look so bad if you take out the xfrm6_input_addr call.
And you can't blame that one on me :)

The xfrm6_input_addr function is really a parallel universe which has
nothing to do with IPsec.  It's used by Mobile IPv6 just because it
happened to fit in the same schema.

In other words, IPsec transforms such as ESP cannot be called from
xfrm6_input_addr and as such async resumption never occurs with
xfrm6_input_addr.

> IMO that at least deserves a comment near xfrm_input()...

Sure.  There is already a comment about encap_type < 0 in there, but
I think you'll probably be able to explain it much better than I can
looking in from the outside so if you have a patch... :)

Cheers,
-- 
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu 许志壬 <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
