Re: a couple of comments on xfrm
From: Aidas Kasparas
Date: Wed Mar 24 2004 - 12:32:09 EST
John Williams Floroiu wrote:
> 2. "xfrm_policy_bysel" compares selectors using memcmp. however, if a
> policy rule from say 10.0.0.0/8 to 220.127.116.11/8 (protocol, etc.) has been
> established, I guess traffic from 10.1.1.1/32 to 18.104.22.168/32 (same
> protocol, etc.) must match it. I believe some functions similar to
> __xfrm4_selector_match/__xfrm6_selector_match would be required here.
Take note of where xfrm_policy_bysel() is used. A quick grep over the source gave:
In the first place, the user has requested to remove the policy specified by
a policy description via the PF_KEY interface. In the second place, the user
has requested to get information about a policy (and optionally remove it)
from the policy list via the xfrm interface.
In both of these cases the policy should be matched exactly, and therefore
the present code is correct. This function is not used and is not intended to
be used to find out if some traffic matches a selector.
GM Consult Group, UAB
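
The distinction drawn in the reply above, as an added example that is not part of the original message or the kernel source: a policy delete/get request compares selectors byte for byte, while a traffic lookup compares addresses under the policy's prefix lengths. `struct sel`, `mk_sel`, `sel_exact`, `sel_match_flow` and the 192.168.0.0/16 destination are hypothetical, constructed for illustration.

```c
#include <stdint.h>
#include <string.h>

#define IP(a, b, c, d) (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | \
                        ((uint32_t)(c) << 8) | (uint32_t)(d))

/* Hypothetical, simplified IPv4 selector; not the kernel's struct xfrm_selector. */
struct sel {
    uint32_t saddr, daddr;   /* host byte order, for simplicity */
    uint8_t  plen_s, plen_d; /* source and destination prefix lengths */
    uint8_t  proto;
    uint8_t  pad;            /* explicit, so memcmp never reads stray padding */
};

static struct sel mk_sel(uint32_t s, uint8_t ps, uint32_t d, uint8_t pd, uint8_t proto)
{
    struct sel x;
    memset(&x, 0, sizeof(x));
    x.saddr = s; x.plen_s = ps; x.daddr = d; x.plen_d = pd; x.proto = proto;
    return x;
}

/* Management path (delete or get a policy): the selector must be identical. */
static int sel_exact(const struct sel *a, const struct sel *b)
{
    return memcmp(a, b, sizeof(*a)) == 0;
}

static int prefix_match(uint32_t addr, uint32_t net, uint8_t plen)
{
    if (plen > 32)
        return 0;            /* malformed prefix length never matches */
    uint32_t mask = plen ? ~(uint32_t)0 << (32 - plen) : 0;
    return ((addr ^ net) & mask) == 0;
}

/* Data path: does a packet's flow fall inside the policy's selector? */
static int sel_match_flow(const struct sel *pol, uint32_t src, uint32_t dst, uint8_t proto)
{
    return pol->proto == proto && prefix_match(src, pol->saddr, pol->plen_s) &&
           prefix_match(dst, pol->daddr, pol->plen_d);
}

int main(void)
{
    struct sel pol = mk_sel(IP(10, 0, 0, 0), 8, IP(192, 168, 0, 0), 16, 6);
    struct sel req = mk_sel(IP(10, 1, 1, 1), 32, IP(192, 168, 5, 5), 32, 6);
    /* The flow is covered by pol, but a delete request for req must not hit pol. */
    return !(sel_match_flow(&pol, req.saddr, req.daddr, 6) && !sel_exact(&pol, &req));
}
```

If the management path used the prefix match instead, a request to delete the /32 selector would also select the broader /8 policy.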