Message ID | 1227629406.21037.193.camel@martin |
---|---|
State | Accepted, archived |
Delegated to: | David Miller |
Headers | show |
I'm wondering what's the state of this patch. Should I resubmit without [RFC]? Something else wrong with it? It has been tagged as "Accepted" in patchworks, but isn't gone anywhere so far. Thanks Martin On Tue, 2008-11-25 at 17:10 +0100, Martin Willi wrote: > Installing SAs using the XFRM_STATE_AF_UNSPEC fails on hosts with > support for one address family only. This patch accepts such SAs, even > if the processing of not supported packets will fail. > > Signed-off-by: Martin Willi <martin@strongswan.org> > > --- > For me the meaning of that flag is not really clear. If it means > "I-want-to-run-v6-in-v4-or-vice-versa" then the current behavior > (reject SA) is probably ok. > However, in my understanding ("accept-any-inner-address-family"), the > kernel should accept such SAs. Otherwise userspace has to query the > supported address families. > > diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c > index 508337f..456782b 100644 > --- a/net/xfrm/xfrm_state.c > +++ b/net/xfrm/xfrm_state.c > @@ -2032,8 +2032,9 @@ int xfrm_init_state(struct xfrm_state *x) > x->inner_mode = inner_mode; > } else { > struct xfrm_mode *inner_mode_iaf; > + int iafamily = AF_INET; > > - inner_mode = xfrm_get_mode(x->props.mode, AF_INET); > + inner_mode = xfrm_get_mode(x->props.mode, x->props.family); > if (inner_mode == NULL) > goto error; > > @@ -2041,22 +2042,17 @@ int xfrm_init_state(struct xfrm_state *x) > xfrm_put_mode(inner_mode); > goto error; > } > + x->inner_mode = inner_mode; > > - inner_mode_iaf = xfrm_get_mode(x->props.mode, AF_INET6); > - if (inner_mode_iaf == NULL) > - goto error; > + if (x->props.family == AF_INET) > + iafamily = AF_INET6; > > - if (!(inner_mode_iaf->flags & XFRM_MODE_FLAG_TUNNEL)) { > - xfrm_put_mode(inner_mode_iaf); > - goto error; > - } > - > - if (x->props.family == AF_INET) { > - x->inner_mode = inner_mode; > - x->inner_mode_iaf = inner_mode_iaf; > - } else { > - x->inner_mode = inner_mode_iaf; > - x->inner_mode_iaf = inner_mode; > + inner_mode_iaf = xfrm_get_mode(x->props.mode, iafamily); > + if (inner_mode_iaf) { > + if (inner_mode_iaf->flags & XFRM_MODE_FLAG_TUNNEL) > + x->inner_mode_iaf = inner_mode_iaf; > + else > + xfrm_put_mode(inner_mode_iaf); > } > } > > > > -- > To unsubscribe from this list: send the line "unsubscribe netdev" in > the body of a message to majordomo@vger.kernel.org > More majordomo info at http://vger.kernel.org/majordomo-info.html -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
From: Martin Willi <martin@strongswan.org> Date: Tue, 02 Dec 2008 10:49:24 +0100 > I'm wondering what's the state of this patch. Should I resubmit without > [RFC]? Something else wrong with it? > > It has been tagged as "Accepted" in patchworks, but isn't gone anywhere > so far. Sorry, I accidently advanced the state, it should still be in "under review". Let me fix that. I want to do some research before I apply this patch, so please be patient. Thanks! -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
From: Martin Willi <martin@strongswan.org> Date: Tue, 25 Nov 2008 17:10:06 +0100 > Installing SAs using the XFRM_STATE_AF_UNSPEC fails on hosts with > support for one address family only. This patch accepts such SAs, even > if the processing of not supported packets will fail. > > Signed-off-by: Martin Willi <martin@strongswan.org> > > --- > For me the meaning of that flag is not really clear. If it means > "I-want-to-run-v6-in-v4-or-vice-versa" then the current behavior > (reject SA) is probably ok. > However, in my understanding ("accept-any-inner-address-family"), the > kernel should accept such SAs. Otherwise userspace has to query the > supported address families. Ok, your interpretation works for me, I've applied this to net-next-2.6, thanks. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c index 508337f..456782b 100644 --- a/net/xfrm/xfrm_state.c +++ b/net/xfrm/xfrm_state.c @@ -2032,8 +2032,9 @@ int xfrm_init_state(struct xfrm_state *x) x->inner_mode = inner_mode; } else { struct xfrm_mode *inner_mode_iaf; + int iafamily = AF_INET; - inner_mode = xfrm_get_mode(x->props.mode, AF_INET); + inner_mode = xfrm_get_mode(x->props.mode, x->props.family); if (inner_mode == NULL) goto error; @@ -2041,22 +2042,17 @@ int xfrm_init_state(struct xfrm_state *x) xfrm_put_mode(inner_mode); goto error; } + x->inner_mode = inner_mode; - inner_mode_iaf = xfrm_get_mode(x->props.mode, AF_INET6); - if (inner_mode_iaf == NULL) - goto error; + if (x->props.family == AF_INET) + iafamily = AF_INET6; - if (!(inner_mode_iaf->flags & XFRM_MODE_FLAG_TUNNEL)) { - xfrm_put_mode(inner_mode_iaf); - goto error; - } - - if (x->props.family == AF_INET) { - x->inner_mode = inner_mode; - x->inner_mode_iaf = inner_mode_iaf; - } else { - x->inner_mode = inner_mode_iaf; - x->inner_mode_iaf = inner_mode; + inner_mode_iaf = xfrm_get_mode(x->props.mode, iafamily); + if (inner_mode_iaf) { + if (inner_mode_iaf->flags & XFRM_MODE_FLAG_TUNNEL) + x->inner_mode_iaf = inner_mode_iaf; + else + xfrm_put_mode(inner_mode_iaf); } }
Installing SAs using the XFRM_STATE_AF_UNSPEC fails on hosts with support for one address family only. This patch accepts such SAs, even if the processing of not supported packets will fail. Signed-off-by: Martin Willi <martin@strongswan.org> --- For me the meaning of that flag is not really clear. If it means "I-want-to-run-v6-in-v4-or-vice-versa" then the current behavior (reject SA) is probably ok. However, in my understanding ("accept-any-inner-address-family"), the kernel should accept such SAs. Otherwise userspace has to query the supported address families. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html