Re: a couple of comments on xfrm

From: John Williams Floroiu
Date: Wed Mar 24 2004 - 13:16:24 EST

yet another "family" left unset:

--- net/xfrm/xfrm_user.c.orig 2004-03-11 03:55:29.000000000 +0100
+++ net/xfrm/xfrm_user.c 2004-03-24 17:26:07.000000000 +0100
@@ -678,6 +678,7 @@
up->reqid = kp->reqid;
up->mode = kp->mode;
up->share = kp->share;
+ up->family = xp->family;
up->optional = kp->optional;
up->aalgos = kp->aalgos;
up->ealgos = kp->ealgos;

similar to the previous one, this time affecting "struct xfrm_tmpl"/"struct xfrm_user_tmpl".


Aidas Kasparas wrote:

John Williams Floroiu wrote:


here are a few comments I have on xfrm:

1. when a SPD entry is added (see "pfkey_spdadd"), xp-> isn't set accordingly. therefore when making a netlink XFRM_MSG_DELPOLICY or XFRM_MSG_GETPOLICY call this information is completely missing because (unlike "xfrm_policy") "xfrm_userpolicy_info" has no "family" member. as a result the selector sent to the kernel must have "family" set to 0, otherwise the match will fail.

the mega patch that fixes this would look like:

--- net/key/af_key.c.orig 2004-03-23 15:39:14.000000000 +0100
+++ net/key/af_key.c 2004-03-23 18:56:43.000000000 +0100
@@ -1863,6 +1863,7 @@
err = -EINVAL;
goto out;
+ xp-> = xp->family;
xp->selector.prefixlen_s = sa->sadb_address_prefixlen;
xp->selector.proto = pfkey_proto_to_xfrm(sa->sadb_address_proto);
xp-> = ((struct sockaddr_in *)(sa+1))->sin_port;

At ipsec-tools-devel list poeple find a need for patch like this. Yet it would be very helpfull, if designer of this code could clarify:
1) why two family fields (one in policy, another in selector) are needed;
2) how they differs;
3) how they supposed to be filled.

To unsubscribe from this list: send the line "unsubscribe linux-net" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at