Thread (114 messages) 114 messages, 9 authors, 2005-04-22

Re: Checking SPI in xfrm_state_find

From: Herbert Xu <herbert@gondor.apana.org.au>
Date: 2005-03-31 00:46:58 

On Thu, Mar 31, 2005 at 02:13:54AM +0200, Patrick McHardy wrote:
Thanks, both done by these two patches.
Great.

# This is a BitKeeper generated diff -Nru style patch.
#
# ChangeSet
#   2005/03/30 06:02:45+02:00 kaber@coreworks.de 
#   [IPSEC]: Check SPI in xfrm_state_find()
#   
#   Signed-off-by: Patrick McHardy [off-list ref]
Looks good.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

# This is a BitKeeper generated diff -Nru style patch.
#
# ChangeSet
#   2005/03/31 02:07:54+02:00 kaber@coreworks.de 
#   [IPSEC]: Check if SPI exists before creating acquire state
#   
#   Signed-off-by: Patrick McHardy [off-list ref]
 
 	x = best;
-	if (!x && !error && !acquire_in_progress &&
-	    ((x = xfrm_state_alloc()) != NULL)) {
+	if (!x && !error && !acquire_in_progress) {
+		x0 = afinfo->state_lookup(&tmpl->id.daddr, tmpl->id.spi, tmpl->id.proto);
It just occured to me that it would be much simpler if you did the
existence check in the first loop.

So something like

		if (x->props.family != family ||
		    !xfrm_state_addr_check(x, daddr, saddr, family) ||
		    tmpl->id.proto == x->id.proto)
			continue;
		if (tmpl->id.spi) {
			if (tmpl->id.spi != x->id.spi)
				continue;
			error = -EEXIST;
		}
		if (x->props.reqid == tmpl->reqid &&
		    tmpl->mode == x->props.mode) {
		}

Cheers,
-- 
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} [off-list ref]
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
Keyboard shortcuts
hback out one level
jnext message in thread
kprevious message in thread
ldrill in
Escclose help / fold thread tree
?toggle this help