Message ID | 87hc6npz4c.fsf@natisbad.org |
---|---|
State | Accepted, archived |
Delegated to: | David Miller |
Headers | show |
On Tue, Nov 04, 2008 at 11:24:51AM +0100, Arnaud Ebalard wrote: > Hi, > > While adding MIGRATE support to strongSwan, Andreas Steffen noticed that > the selectors provided in XFRM_MSG_ACQUIRE have their family field > uninitialized (those in MIGRATE do have their family set). > > Looking at the code, this is because the af-specific init_tempsel() > (called via afinfo->init_tempsel() in xfrm_init_tempsel()) do not set > the value. > > Even if current apps probably do not rely on it, is there any argument > for not doing it or is it just an omission? > > The patch below is more for discussion than anything else. We should ask the MIP6 folks since this may affect them. > Reported-by: Andreas Steffen <andreas.steffen@strongswan.org> > Signed-off-by: Arnaud Ebalard <arno@natisbad.org> > --- > net/ipv4/xfrm4_state.c | 1 + > net/ipv6/xfrm6_state.c | 1 + > 2 files changed, 2 insertions(+), 0 deletions(-) > > diff --git a/net/ipv4/xfrm4_state.c b/net/ipv4/xfrm4_state.c > index 07735ed..55dc6be 100644 > --- a/net/ipv4/xfrm4_state.c > +++ b/net/ipv4/xfrm4_state.c > @@ -33,6 +33,7 @@ __xfrm4_init_tempsel(struct xfrm_state *x, struct flowi *fl, > x->sel.dport_mask = htons(0xffff); > x->sel.sport = xfrm_flowi_sport(fl); > x->sel.sport_mask = htons(0xffff); > + x->sel.family = AF_INET; > x->sel.prefixlen_d = 32; > x->sel.prefixlen_s = 32; > x->sel.proto = fl->proto; > diff --git a/net/ipv6/xfrm6_state.c b/net/ipv6/xfrm6_state.c > index 89884a4..60c78cf 100644 > --- a/net/ipv6/xfrm6_state.c > +++ b/net/ipv6/xfrm6_state.c > @@ -34,6 +34,7 @@ __xfrm6_init_tempsel(struct xfrm_state *x, struct flowi *fl, > x->sel.dport_mask = htons(0xffff); > x->sel.sport = xfrm_flowi_sport(fl); > x->sel.sport_mask = htons(0xffff); > + x->sel.family = AF_INET6; > x->sel.prefixlen_d = 128; > x->sel.prefixlen_s = 128; > x->sel.proto = fl->proto; Cheers,
Hi, Herbert Xu <herbert@gondor.apana.org.au> writes: > On Tue, Nov 04, 2008 at 11:24:51AM +0100, Arnaud Ebalard wrote: >> Hi, >> >> While adding MIGRATE support to strongSwan, Andreas Steffen noticed that >> the selectors provided in XFRM_MSG_ACQUIRE have their family field >> uninitialized (those in MIGRATE do have their family set). >> >> Looking at the code, this is because the af-specific init_tempsel() >> (called via afinfo->init_tempsel() in xfrm_init_tempsel()) do not set >> the value. >> >> Even if current apps probably do not rely on it, is there any argument >> for not doing it or is it just an omission? >> >> The patch below is more for discussion than anything else. > > We should ask the MIP6 folks since this may affect them. Sorry Herbert, my initial comment was misleading: the family is not set in the selectors provided in the *XFRM_MSG_ACQUIRE*, which is not MIPv6 related. I could check again, but I think the patch below will impact all native key managers. Or did I miss something and there is a specific reason why MIPv6 folks may be impacted? >> Reported-by: Andreas Steffen <andreas.steffen@strongswan.org> >> Signed-off-by: Arnaud Ebalard <arno@natisbad.org> >> --- >> net/ipv4/xfrm4_state.c | 1 + >> net/ipv6/xfrm6_state.c | 1 + >> 2 files changed, 2 insertions(+), 0 deletions(-) >> >> diff --git a/net/ipv4/xfrm4_state.c b/net/ipv4/xfrm4_state.c >> index 07735ed..55dc6be 100644 >> --- a/net/ipv4/xfrm4_state.c >> +++ b/net/ipv4/xfrm4_state.c >> @@ -33,6 +33,7 @@ __xfrm4_init_tempsel(struct xfrm_state *x, struct flowi *fl, >> x->sel.dport_mask = htons(0xffff); >> x->sel.sport = xfrm_flowi_sport(fl); >> x->sel.sport_mask = htons(0xffff); >> + x->sel.family = AF_INET; >> x->sel.prefixlen_d = 32; >> x->sel.prefixlen_s = 32; >> x->sel.proto = fl->proto; >> diff --git a/net/ipv6/xfrm6_state.c b/net/ipv6/xfrm6_state.c >> index 89884a4..60c78cf 100644 >> --- a/net/ipv6/xfrm6_state.c >> +++ b/net/ipv6/xfrm6_state.c >> @@ -34,6 +34,7 @@ __xfrm6_init_tempsel(struct xfrm_state *x, struct flowi *fl, >> x->sel.dport_mask = htons(0xffff); >> x->sel.sport = xfrm_flowi_sport(fl); >> x->sel.sport_mask = htons(0xffff); >> + x->sel.family = AF_INET6; >> x->sel.prefixlen_d = 128; >> x->sel.prefixlen_s = 128; >> x->sel.proto = fl->proto; > > Cheers, -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
On Tue, Nov 04, 2008 at 12:46:44PM +0100, Arnaud Ebalard wrote: > > Sorry Herbert, my initial comment was misleading: the family is not set > in the selectors provided in the *XFRM_MSG_ACQUIRE*, which is not MIPv6 > related. I could check again, but I think the patch below will impact > all native key managers. Or did I miss something and there is a specific > reason why MIPv6 folks may be impacted? Indeed, you're right. I was thinking of SA creation. > >> Reported-by: Andreas Steffen <andreas.steffen@strongswan.org> > >> Signed-off-by: Arnaud Ebalard <arno@natisbad.org> Acked-by: Herbert Xu <herbert@gondor.apana.org.au> Thanks,
From: Herbert Xu <herbert@gondor.apana.org.au> Date: Tue, 4 Nov 2008 19:52:28 +0800 > On Tue, Nov 04, 2008 at 12:46:44PM +0100, Arnaud Ebalard wrote: > > > > Sorry Herbert, my initial comment was misleading: the family is not set > > in the selectors provided in the *XFRM_MSG_ACQUIRE*, which is not MIPv6 > > related. I could check again, but I think the patch below will impact > > all native key managers. Or did I miss something and there is a specific > > reason why MIPv6 folks may be impacted? > > Indeed, you're right. I was thinking of SA creation. > > > >> Reported-by: Andreas Steffen <andreas.steffen@strongswan.org> > > >> Signed-off-by: Arnaud Ebalard <arno@natisbad.org> > > Acked-by: Herbert Xu <herbert@gondor.apana.org.au> Applied to net-2.6, thanks. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/net/ipv4/xfrm4_state.c b/net/ipv4/xfrm4_state.c index 07735ed..55dc6be 100644 --- a/net/ipv4/xfrm4_state.c +++ b/net/ipv4/xfrm4_state.c @@ -33,6 +33,7 @@ __xfrm4_init_tempsel(struct xfrm_state *x, struct flowi *fl, x->sel.dport_mask = htons(0xffff); x->sel.sport = xfrm_flowi_sport(fl); x->sel.sport_mask = htons(0xffff); + x->sel.family = AF_INET; x->sel.prefixlen_d = 32; x->sel.prefixlen_s = 32; x->sel.proto = fl->proto; diff --git a/net/ipv6/xfrm6_state.c b/net/ipv6/xfrm6_state.c index 89884a4..60c78cf 100644 --- a/net/ipv6/xfrm6_state.c +++ b/net/ipv6/xfrm6_state.c @@ -34,6 +34,7 @@ __xfrm6_init_tempsel(struct xfrm_state *x, struct flowi *fl, x->sel.dport_mask = htons(0xffff); x->sel.sport = xfrm_flowi_sport(fl); x->sel.sport_mask = htons(0xffff); + x->sel.family = AF_INET6; x->sel.prefixlen_d = 128; x->sel.prefixlen_s = 128; x->sel.proto = fl->proto;
Hi, While adding MIGRATE support to strongSwan, Andreas Steffen noticed that the selectors provided in XFRM_MSG_ACQUIRE have their family field uninitialized (those in MIGRATE do have their family set). Looking at the code, this is because the af-specific init_tempsel() (called via afinfo->init_tempsel() in xfrm_init_tempsel()) do not set the value. Even if current apps probably do not rely on it, is there any argument for not doing it or is it just an omission? The patch below is more for discussion than anything else. Cheers, a+ Reported-by: Andreas Steffen <andreas.steffen@strongswan.org> Signed-off-by: Arnaud Ebalard <arno@natisbad.org> --- net/ipv4/xfrm4_state.c | 1 + net/ipv6/xfrm6_state.c | 1 + 2 files changed, 2 insertions(+), 0 deletions(-)