Herbert Xu wrote:

On Mon, Mar 28, 2005 at 10:10:54PM +0200, Patrick McHardy wrote:

quoted

Something unrelated I was also wondering about, from xfrm_find_state():

       list_for_each_entry(x, xfrm_state_bydst+h, bydst) {
               if (x->props.family == family &&
                   x->props.reqid == tmpl->reqid &&
                   xfrm_state_addr_check(x, daddr, saddr, family) &&
                   tmpl->mode == x->props.mode &&
                   tmpl->id.proto == x->id.proto) {

Shouldn't we check for (tmpl->id.spi == x->id.spi || !tmpl->id.spi) ?

Absolutely.  We should also fix the larval state generation in that
same function to fail the operation if that SPI already exists.

Thanks, both done by these two patches.

Regards
Patrick