Re: [PATCH] netdev: Reset ipv4 flags during bundle creation on interfamily ipsec
On Mon, Oct 22, 2007 at 09:55:53AM +0300, Joakim Koskela wrote:
>
> Hi, and thanks for the feedback. True, this one affects only one level of
> inter-family, and supporting more would require a lot more changes in the
> bundle creation (perhaps combining both versions and taking better into
> account the outer family of the last transformation..).
I think I should have this fixed with my current tree. I'll
either post that tonight or tomorrow.
Cheers,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <[EMAIL PROTECTED]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
-
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH] netdev: Reset ipv4 flags during bundle creation on interfamily ipsec
On Friday 19 October 2007 17:25:49 Herbert Xu wrote: > Joakim Koskela <[EMAIL PROTECTED]> wrote: > > I'm not sure I follow. This affects the ipv6 bundling only where the > > struct (fl_tunnel) has previously been used for ipv6 addresses. Not that > > we are using the same block for holding the ipv4 info, the tos-value is > > really undefined before we reset it. > > You're right. But sure the same bug could affect IPv4 as well > if you had a 4-6-4 configuration. Let me think about this one > a bit more. Hi, and thanks for the feedback. True, this one affects only one level of inter-family, and supporting more would require a lot more changes in the bundle creation (perhaps combining both versions and taking better into account the outer family of the last transformation..). Another quite annoying example of this is that 6 in 4 actually crashes the kernel on 64 bit, as xfrm_dst_lookup around xfrm6_policy.c:197 changes rt from a rt6_info to a rtable. On 64 bit, rt->rt61i_node will usually contain something (due to the larger pointer size), making the path_cookie assignment on line 208 crash. I've been trying address this in a proper manner, but it hasn't really progressed quite the way I've wanted (..thus this shallow patch, just to make 6-4 inter-work in most cases on the standard kernel). Needless to say, any work done for this would be greatly appreciated :) - To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH] netdev: Reset ipv4 flags during bundle creation on interfamily ipsec
Joakim Koskela <[EMAIL PROTECTED]> wrote:
>
> I'm not sure I follow. This affects the ipv6 bundling only where the struct
> (fl_tunnel) has previously been used for ipv6 addresses. Not that we are
> using the same block for holding the ipv4 info, the tos-value is really
> undefined before we reset it.
You're right. But sure the same bug could affect IPv4 as well
if you had a 4-6-4 configuration. Let me think about this one
a bit more.
Thanks,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <[EMAIL PROTECTED]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
-
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH] netdev: Reset ipv4 flags during bundle creation on interfamily ipsec
On Friday 19 October 2007 16:09:05 Herbert Xu wrote: > On Fri, Oct 19, 2007 at 02:40:16PM +0300, Joakim Koskela wrote: > > > > This bit was chopped off the larger patch dealing with the problems > > related to creating the bundles for inter-family tranformations. > > This changes behaviour. Previously the same TOS value would be > used all the way through. With this it won't apply to the first > tunnel and every SA after it. > > Cheers, I'm not sure I follow. This affects the ipv6 bundling only where the struct (fl_tunnel) has previously been used for ipv6 addresses. Not that we are using the same block for holding the ipv4 info, the tos-value is really undefined before we reset it. br, j - To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH] netdev: Reset ipv4 flags during bundle creation on interfamily ipsec
On Fri, Oct 19, 2007 at 02:40:16PM +0300, Joakim Koskela wrote:
> This patch resets the ipv4-related flags in the new flow as their
> content will otherwise depend on the bits of the ipv6 addresses the
> struct was previously used for. For example, fl4_tos might have
> RTO_ONLINK set, which usually prevents the right route from being
> found.
>
> This bit was chopped off the larger patch dealing with the problems
> related to creating the bundles for inter-family tranformations.
This changes behaviour. Previously the same TOS value would be
used all the way through. With this it won't apply to the first
tunnel and every SA after it.
Cheers,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <[EMAIL PROTECTED]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
-
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
