From: Patrick McHardy <kaber@trash.net>
To: "David S. Miller" <davem@davemloft.net>
Cc: Herbert Xu <herbert@gondor.apana.org.au>,
kuznet@ms2.inr.ac.ru, jmorris@redhat.com,
yoshfuji@linux-ipv6.org, netdev@oss.sgi.com
Subject: Re: [IPSEC]: Kill nested read lock by deleting xfrm_init_tempsel
Date: Fri, 22 Apr 2005 01:53:43 +0200 [thread overview]
Message-ID: <42683D07.6090808@trash.net> (raw)
In-Reply-To: <20050421163526.7a29a76f.davem@davemloft.net>
[-- Attachment #1: Type: text/plain, Size: 844 bytes --]
David S. Miller wrote:
> On Wed, 6 Apr 2005 12:21:55 +1000
> Herbert Xu <herbert@gondor.apana.org.au> wrote:
>
>>Thanks. Just one more issue that I can think of, the check should
>>only be done when tmpl->id.spi != 0. Otherwise the presence of
>>valid states with differing state selectors will prevent new
>>sessions from starting up.
>
> Is it really worthwhile, right now, to change that tmpl->id.daddr to
> daddr? That seems to be all that Patrick's most recent patch does.
Yes, tmpl->id.daddr might be 0, in which case the destination
of the packet or previous tunnel mode transforms is used. daddr
always contains the correct adress, so we should use it to check
for duplicate SPIs. But as Herbert noted, we shouldn't perform
the check if tmpl->id.spi == 0, so here is a new patch.
Signed-off-by: Patrick McHardy <kaber@trash.net>
[-- Attachment #2: x --]
[-- Type: text/plain, Size: 544 bytes --]
===== net/xfrm/xfrm_state.c 1.60 vs edited =====
--- 1.60/net/xfrm/xfrm_state.c 2005-04-01 07:19:54 +02:00
+++ edited/net/xfrm/xfrm_state.c 2005-04-22 01:51:37 +02:00
@@ -357,8 +357,9 @@
x = best;
if (!x && !error && !acquire_in_progress) {
- x0 = afinfo->state_lookup(&tmpl->id.daddr, tmpl->id.spi, tmpl->id.proto);
- if (x0 != NULL) {
+ if (tmpl->id.spi &&
+ (x0 = afinfo->state_lookup(daddr, tmpl->id.spi,
+ tmpl->id.proto)) != NULL) {
xfrm_state_put(x0);
error = -EEXIST;
goto out;
next prev parent reply other threads:[~2005-04-21 23:53 UTC|newest]
Thread overview: 114+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-02-14 22:10 [1/4] [IPSEC] Merge xfrm[46]_bundle/stale_bundle Herbert Xu
2005-02-14 22:12 ` [2/4] [IPSEC] Add xfrm_state_mtu Herbert Xu
2005-02-14 22:14 ` [3/4] [IPSEC] Add route element to xfrm_dst Herbert Xu
2005-02-14 22:16 ` [4/4] [IPSEC] Store MTU at each xfrm_dst Herbert Xu
2005-02-15 15:53 ` James Morris
2005-02-15 20:31 ` Herbert Xu
2005-02-16 10:37 ` [5/*] [IPSEC] Use dst_mtu in xfrm[46]_output Herbert Xu
2005-02-16 11:08 ` [6/*] [IPSEC] Fix xfrm[46]_update_pmtu to update top dst Herbert Xu
2005-02-16 11:38 ` [7/*] [IPSEC] Get metrics for xfrm_dst from " Herbert Xu
2005-03-07 5:47 ` David S. Miller
2005-03-07 10:41 ` Herbert Xu
2005-03-07 5:35 ` [6/*] [IPSEC] Fix xfrm[46]_update_pmtu to update " David S. Miller
2005-03-07 10:39 ` Herbert Xu
2005-03-07 5:33 ` [5/*] [IPSEC] Use dst_mtu in xfrm[46]_output David S. Miller
2005-03-07 11:45 ` [10/*] [TCP] Get rid of dst_ptmu/ext2_header_len Herbert Xu
2005-03-07 17:33 ` David S. Miller
2005-03-07 5:32 ` [4/4] [IPSEC] Store MTU at each xfrm_dst David S. Miller
2005-03-07 10:35 ` [9/*] [IPSEC] Check dst validity harder in xfrm_bundle_ok Herbert Xu
2005-03-07 17:32 ` David S. Miller
2005-03-08 10:27 ` [11/*] [NET] Move dst_release out of dst->ops->check Herbert Xu
2005-03-08 12:50 ` YOSHIFUJI Hideaki / 吉藤英明
2005-03-11 2:17 ` David S. Miller
2005-03-14 10:26 ` [12/*] [IPSEC] Handle local_df in IPv4 Herbert Xu
2005-03-14 10:53 ` [13/*] [IPV4] Fix room calculation in icmp_send Herbert Xu
2005-03-14 11:10 ` [14/*] [IPV6] Reload skb->dst after xfrm6_route_forward Herbert Xu
2005-03-15 5:27 ` David S. Miller
2005-03-15 9:19 ` [15/*] [INET] Fix IPsec calculation in ip_append_data/ip6_append_data Herbert Xu
2005-03-15 9:58 ` [16/*] [INET] Take IPsec overhead into account in tunnels Herbert Xu
2005-03-15 10:05 ` [17/*] [NET] Replace dst_pmtu with dst_mtu Herbert Xu
2005-03-15 18:24 ` David S. Miller
2005-03-15 19:02 ` Patrick McHardy
2005-03-15 20:40 ` Replace send_unreach with icmp_send Herbert Xu
2005-03-15 20:48 ` Patrick McHardy
2005-03-16 10:51 ` [IPV4] Make ipt_REJECT use icmp_send again Herbert Xu
2005-03-16 19:00 ` Patrick McHardy
2005-03-16 22:44 ` David S. Miller
2005-03-17 10:51 ` [IPV4] Send TCP reset through dst_output in ipt_REJECT Herbert Xu
2005-03-17 18:06 ` David S. Miller
2005-03-15 20:31 ` [17/*] [NET] Replace dst_pmtu with dst_mtu Herbert Xu
2005-03-15 10:20 ` [16/*] [INET] Take IPsec overhead into account in tunnels Lennert Buytenhek
2005-03-15 10:27 ` Herbert Xu
2005-03-15 18:20 ` David S. Miller
2005-03-18 9:03 ` [21/*] [IPv4] Fix MTU check in ipmr_queue_xmit Herbert Xu
2005-03-18 9:11 ` [22/*] [NETFILTER] Use correct IPsec MTU in TCPMSS Herbert Xu
2005-03-18 9:19 ` [23/*] [IPV4] Kill remaining unnecessary uses of dst_pmtu Herbert Xu
2005-03-18 10:07 ` [24/*] [IPSEC] Get ttl from child instead of path Herbert Xu
2005-03-18 10:11 ` [25/*] [NET] Kill unnecessary uses of dst_path_metric Herbert Xu
2005-03-18 11:06 ` [26/*] [NET] Kill dst_pmtu/dst_path_metric Herbert Xu
2005-03-18 11:28 ` [27/*] [NET] Make dst_allfrag use dst instead of dst->path Herbert Xu
2005-03-18 18:47 ` David S. Miller
2005-03-18 18:46 ` [26/*] [NET] Kill dst_pmtu/dst_path_metric David S. Miller
2005-03-18 18:44 ` [25/*] [NET] Kill unnecessary uses of dst_path_metric David S. Miller
2005-03-18 18:43 ` [24/*] [IPSEC] Get ttl from child instead of path David S. Miller
2005-03-18 18:41 ` [23/*] [IPV4] Kill remaining unnecessary uses of dst_pmtu David S. Miller
2005-03-18 18:40 ` [22/*] [NETFILTER] Use correct IPsec MTU in TCPMSS David S. Miller
2005-03-20 15:46 ` Patrick McHardy
2005-03-20 16:32 ` Ludo Stellingwerff
2005-03-20 17:17 ` Lennert Buytenhek
2005-03-20 17:49 ` Patrick McHardy
2005-03-20 18:11 ` Ludo Stellingwerff
2005-03-20 18:22 ` Patrick McHardy
2005-03-20 18:43 ` jamal
2005-03-20 19:10 ` Patrick McHardy
2005-03-30 9:49 ` Extending xfrm_selector (Was: [22/*] [NETFILTER] Use correct IPsec MTU in TCPMSS) Herbert Xu
2005-03-23 3:49 ` [22/*] [NETFILTER] Use correct IPsec MTU in TCPMSS David S. Miller
2005-03-23 4:03 ` Patrick McHardy
2005-03-24 5:05 ` Netfilter+IPsec Patrick McHardy
2005-03-24 5:43 ` Netfilter+IPsec David S. Miller
2005-03-25 2:53 ` Netfilter+IPsec Herbert Xu
2005-03-25 5:10 ` Netfilter+IPsec Patrick McHardy
2005-03-23 9:24 ` [22/*] [NETFILTER] Use correct IPsec MTU in TCPMSS Herbert Xu
2005-03-18 18:39 ` [21/*] [IPv4] Fix MTU check in ipmr_queue_xmit David S. Miller
2005-03-15 18:18 ` [15/*] [INET] Fix IPsec calculation in ip_append_data/ip6_append_data David S. Miller
2005-03-16 11:31 ` Herbert Xu
2005-03-16 22:02 ` David S. Miller
2005-03-21 16:14 ` Mika Penttilä
2005-03-21 20:28 ` Herbert Xu
2005-03-21 21:29 ` Mika Penttilä
2005-03-21 22:04 ` Herbert Xu
2005-03-15 5:26 ` [13/*] [IPV4] Fix room calculation in icmp_send David S. Miller
2005-03-15 5:25 ` [12/*] [IPSEC] Handle local_df in IPv4 David S. Miller
2005-03-15 18:25 ` YOSHIFUJI Hideaki / 吉藤英明
2005-03-15 18:28 ` YOSHIFUJI Hideaki / 吉藤英明
2005-03-28 20:10 ` [4/4] [IPSEC] Store MTU at each xfrm_dst Patrick McHardy
2005-03-28 23:30 ` [IPSEC] Move xfrm_flush_bundles into xfrm_state GC Herbert Xu
2005-03-31 0:10 ` Patrick McHardy
2005-04-01 5:21 ` David S. Miller
2005-03-28 23:39 ` Checking SPI in xfrm_state_find Herbert Xu
2005-03-31 0:13 ` Patrick McHardy
2005-03-31 0:46 ` Herbert Xu
2005-04-01 5:23 ` David S. Miller
2005-04-02 0:49 ` [IPSEC]: Kill nested read lock by deleting xfrm_init_tempsel Herbert Xu
2005-04-02 1:20 ` David S. Miller
2005-04-02 2:09 ` Herbert Xu
2005-04-03 16:48 ` Patrick McHardy
2005-04-05 10:39 ` Herbert Xu
2005-04-05 20:01 ` Patrick McHardy
2005-04-06 2:21 ` Herbert Xu
2005-04-21 23:35 ` David S. Miller
2005-04-21 23:52 ` Herbert Xu
2005-04-21 23:53 ` Patrick McHardy [this message]
2005-04-22 3:13 ` David S. Miller
2005-04-03 17:00 ` Checking SPI in xfrm_state_find Patrick McHardy
2005-02-15 8:10 ` [3/4] [IPSEC] Add route element to xfrm_dst Mika Penttilä
2005-02-15 9:53 ` Herbert Xu
2005-02-15 10:22 ` Mika Penttilä
2005-03-07 5:28 ` David S. Miller
2005-03-07 10:02 ` Herbert Xu
2005-03-07 10:16 ` [IPSEC] Kill redundan dst_release check in xfrm_dst_destroy Herbert Xu
2005-03-07 17:35 ` David S. Miller
2005-03-14 11:52 ` [3/4] [IPSEC] Add route element to xfrm_dst Patrick McHardy
2005-03-14 20:32 ` Herbert Xu
2005-03-15 19:05 ` Patrick McHardy
2005-03-07 5:23 ` [2/4] [IPSEC] Add xfrm_state_mtu David S. Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=42683D07.6090808@trash.net \
--to=kaber@trash.net \
--cc=davem@davemloft.net \
--cc=herbert@gondor.apana.org.au \
--cc=jmorris@redhat.com \
--cc=kuznet@ms2.inr.ac.ru \
--cc=netdev@oss.sgi.com \
--cc=yoshfuji@linux-ipv6.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).