On Thu, 5 Oct 2006, Venkat Yekkirala wrote:
> - if (xfrm_policy_match(pol, fl, type, family, dir)) {
> + err = xfrm_policy_match(pol, fl, type, family, dir);
> + if (err) {
> + if (err == -ESRCH)
> + continue;
> + else {
> + ret = ERR_PTR(err);
> + goto fail;
> + }
> + } else {
Semantics issue: if the exact policy match fails with -EACCESS, should we
then try an inexact match before failing?
> #ifdef CONFIG_XFRM_SUB_POLICY
> pol = xfrm_policy_lookup_bytype(XFRM_POLICY_TYPE_SUB, fl, family, dir);
> - if (pol)
> + if (IS_ERR(pol)) {
> + err = PTR_ERR(pol);
> + pol = NULL;
> + }
> + if (pol || err)
> goto end;
Similarly, if the sub-policy lookup returns -EACCESS, should we then try a
main policy lookup before failing?
I would think yes to both.
Opinions?
- James
--
James Morris
<[EMAIL PROTECTED]>
-
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
