On Tue, Mar 30, 2010 at 04:33:52PM +0300, Timo Teräs wrote:

Herbert Xu wrote:

quoted

On Tue, Mar 30, 2010 at 03:41:02PM +0300, Timo Teräs wrote:

quoted

So it'd make more sense to nuke the hashes entirely for
per-socket policies?

Absolutely.

I checked now the xfrm_user, and mostly it seems to prevent
modification to per-socket policies.

The only exception is XFRM_MSG_POLEXPIRE handler
xfrm_add_pol_expire(). It calls xfrm_policy_byid() without
verifying the direction, and can thus complete successfully on
a per-socket policy. This can actually result in per-socket
policy deletion via netlink.

That shouldn't be possible since the directions used by socket
policies cannot be set through xfrm_user.

Cheers,
-- 
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} [off-list ref]
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt