From: YOSHIFUJI Hideaki <[EMAIL PROTECTED]>
Date: Thu, 24 Aug 2006 00:02:17 +0900

> From: Masahide NAKAMURA <[EMAIL PROTECTED]>
> 
> For outbound transformation, a bundle is checked for whether it is
> suitable to be reused for the current flow or not. In an IPv6 case such
> as the one below, transformation may apply an incorrect bundle to the
> flow instead of creating another bundle:
> 
> - The policy selector has destination prefix length < 128
>   (Two or more addresses can match it)
> - Its bundle holds a dst entry of a default route whose prefix length < 128
>   (Previous traffic used such a route as next hop)
> - The policy and the bundle used a transport mode state, and
>   this time the flow address does not match the bundled state.
> 
> This issue was found by Mobile IPv6 usage to protect mobility signaling
> by IPsec, but it is not Mobile IPv6 specific.
> This patch adds a strict check to xfrm_bundle_ok() for each
> state mode and address when the prefix length is less than 128.
> 
> Signed-off-by: Masahide NAKAMURA <[EMAIL PROTECTED]>
> Signed-off-by: YOSHIFUJI Hideaki <[EMAIL PROTECTED]>

Applied.  Maybe ipv4 side wants to check for prefix length < 32?
Or does it not matter for some reason under ipv4?
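
A simplified user-space model of the reuse condition described in the quoted commit message, added here as an illustration: it is not the patch or kernel code. The types and functions (`selector`, `bundle`, `bundle_ok`, `check`) and the 2001:db8:: sample addresses are assumptions constructed for the example, and only the destination address and transport mode are modelled.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified model: these types are hypothetical, not the kernel's xfrm structures. */
enum mode { MODE_TRANSPORT, MODE_TUNNEL };
struct selector { uint8_t daddr[16]; unsigned plen; };   /* policy selector */
struct bundle { unsigned route_plen; enum mode mode; uint8_t state_daddr[16]; };

/* True if the first plen bits of a and b are equal. */
static bool prefix_match(const uint8_t *a, const uint8_t *b, unsigned plen)
{
    unsigned bytes = plen / 8, bits = plen % 8;
    if (memcmp(a, b, bytes) != 0)
        return false;
    if (bits == 0)
        return true;
    return ((a[bytes] ^ b[bytes]) & (uint8_t)(0xff << (8 - bits))) == 0;
}

/* Reuse test. Without strict, only the selector is consulted. */
static bool bundle_ok(const struct selector *sel, const struct bundle *b,
                      const uint8_t *flow_daddr, bool strict)
{
    if (!prefix_match(flow_daddr, sel->daddr, sel->plen))
        return false;
    /* Strict: route covers many addresses + transport mode state => exact match. */
    if (strict && b->route_plen < 128 && b->mode == MODE_TRANSPORT)
        return memcmp(flow_daddr, b->state_daddr, 16) == 0;
    return true;
}

/* Constructed sample: selector 2001:db8::/32, bundle cached via a default
 * route (plen 0) for a transport mode state to 2001:db8::1. */
bool check(bool strict, uint8_t flow_last_byte)
{
    struct selector sel = { { 0x20, 0x01, 0x0d, 0xb8 }, 32 };
    struct bundle b = { 0, MODE_TRANSPORT, { 0x20, 0x01, 0x0d, 0xb8 } };
    uint8_t flow[16] = { 0x20, 0x01, 0x0d, 0xb8 };
    b.state_daddr[15] = 1;
    flow[15] = flow_last_byte;
    return bundle_ok(&sel, &b, flow, strict);
}

int main(void)
{
    printf("flow ::2, loose=%d strict=%d\n", check(false, 2), check(true, 2));
    return 0;
}
```

In this model the loose test accepts the cached bundle for a flow to 2001:db8::2 even though its transport mode state is bound to 2001:db8::1; the strict test rejects it, so a new bundle would be created.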