From: "Timo Teräs" <timo.teras@iki.fi>
To: David Miller <davem@davemloft.net>
Cc: herbert@gondor.apana.org.au, netdev@vger.kernel.org
Subject: Re: [PATCH] af_key: parse and send SADB_X_EXT_NAT_T_OA extension
Date: Fri, 23 Jan 2009 08:18:33 +0200 [thread overview]
Message-ID: <49796139.3090605@iki.fi> (raw)
In-Reply-To: <20090121.222112.245293949.davem@davemloft.net>
David Miller wrote:
> From: Timo Teräs <timo.teras@iki.fi>
>> David Miller wrote:
>>> From: Timo Teräs <timo.teras@iki.fi>
>>>> Is there any particular reason why setting NAT-OA info should/
>>>> must be done using netlink? Or is this just a way to try to
>>>> put more pressure for the change to happen?
>>> Because it isn't deprecated if we keep adding features to it.
>> I would not consider this a new feature. It just makes pfkey
>> act consistently. If you don't want it supported, it'd make
>> more sense to not #define SADB_X_EXT_NAT_T_OA and drop all of
>> the verification code already present than to silently
>> ignore it. Make kernel return an error if some tried using it.
>
> Fair enough, sounds like a reasonable argument.
>
> Herbert what do you think? The proposal is that we just reflect the
> value we get, rather than acting upon it.
Going back to the original patch. Knowing that it's bad idea to
use it for my other purposes, I have no strong feelings to push
for this.
Then again, since as discussed earlier, encap_oa is not used for
anything (and never will be). It's just stored and given back if
requested, so this patch adds nothing new; it just stores and
gives the attribute back if the SA is dumped.
Do note that currently pfkey_msg2xfrm_state() currently allocates
xfrm_encap_tmpl with kmalloc() and leaves encap_oa uninitialized,
thus all SAs with NAT-T created via pfkey currently show random
crap in encap_oa when dumped via "ip xfrm state".
Also the patch I sent first should memset() the encap_oa if
SADB_X_EXT_NAT_T_OA is not present.
If you still consider that the copying of that extension is
inappropriate then maybe memset():ing the encap_oa to zero
would be acceptable?
Cheers,
Timo
next prev parent reply other threads:[~2009-01-23 6:18 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-01-21 7:34 [PATCH] af_key: parse and send SADB_X_EXT_NAT_T_OA extension Timo Teras
2009-01-21 22:33 ` Herbert Xu
2009-01-21 22:40 ` David Miller
2009-01-22 5:56 ` Timo Teräs
2009-01-22 6:03 ` David Miller
2009-01-22 6:14 ` Timo Teräs
2009-01-22 6:21 ` David Miller
2009-01-22 6:32 ` Herbert Xu
2009-01-22 6:39 ` Timo Teräs
2009-01-22 6:47 ` Herbert Xu
2009-01-22 6:54 ` Timo Teräs
2009-01-22 7:39 ` Herbert Xu
2009-01-22 8:31 ` Timo Teräs
2009-01-22 8:50 ` Herbert Xu
2009-01-22 9:24 ` Timo Teräs
2009-01-22 9:41 ` Herbert Xu
2009-01-22 10:00 ` Timo Teräs
2009-01-22 10:10 ` Herbert Xu
2009-01-23 6:18 ` Timo Teräs [this message]
2009-01-23 9:09 ` Herbert Xu
2009-01-22 6:22 ` Herbert Xu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=49796139.3090605@iki.fi \
--to=timo.teras@iki.fi \
--cc=davem@davemloft.net \
--cc=herbert@gondor.apana.org.au \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).