Re: [PATCH 14/23] [PATCH] [XFRM]: Restrict authentication algorithm only when inbound transformation protocol is IPsec.
From: David Miller <davem@davemloft.net>
Date: 2006-08-02 00:18:28
From: Masahide NAKAMURA <redacted> Date: Sat, 29 Jul 2006 18:30:38 +0900
- (tmpl->aalgos & (1<<x->props.aalgo)) && + ((tmpl->aalgos & (1<<x->props.aalgo)) || + !(xfrm_id_proto_match(tmpl->id.proto, IPSEC_PROTO_ANY))) &&
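Review bot: the added `!(xfrm_id_proto_match(tmpl->id.proto, IPSEC_PROTO_ANY))` term can never be true, because the helper as defined in this patch returns 1 whenever userproto is IPSEC_PROTO_ANY. The new `||` branch is therefore dead, and the condition still reduces to the old `tmpl->aalgos & (1<<x->props.aalgo)` test for every template protocol, which is not what the subject line describes. If the aim is to skip the aalgo restriction for non-IPsec templates, the test has to depend on tmpl->id.proto itself.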
This is another instance of a xfrm_id_proto_match() call
which will always evaluate to true, because the userproto
argument is IPSEC_PROTO_ANY.
+static inline int xfrm_id_proto_match(u8 proto, u8 userproto)
+{
+ return (userproto == IPSEC_PROTO_ANY || proto == userproto);
+}
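Review bot: the `userproto == IPSEC_PROTO_ANY` short-circuit in the return statement ignores `proto` entirely, so when called with IPSEC_PROTO_ANY the helper cannot tell an IPsec protocol from any other. If IPSEC_PROTO_ANY is meant as "any IPsec protocol" rather than a match-everything wildcard, the helper should check proto against the set of IPsec protocols in that case, and a comment above the function should state which meaning is intended. As a style point, the outer parentheses around the return expression are unnecessary.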
Can you elaborate on how this is supposed to work? It does not
seem intentional that all of these calls will always evaluate
to true.