On Fri, Aug 01, 2003 at 07:33:38AM +1000, herbert wrote:
>
> That would be good. The problem right now is that only daddr is used
> as a key in xfrm_state_lookup. If we use both saddr/daddr then we can
> even set spi to zero if we use the saddr in the spi_hash too.

In fact this is a serious bug. Because we don't take saddr into account,
we will end up rejecting valid SPIs from remote peers should two different
peers choose the same SPI.
-- 
Debian GNU/Linux 3.0 is out! ( http://www.debian.org/ )
Email: Herbert Xu ~{PmV>HI~} <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
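
Added example, not part of the original message and not the kernel's xfrm code: a toy SA table in C showing how a lookup key without saddr makes the second of two states that share daddr and SPI collide with the first, while including saddr lets both coexist. All names, the table layout and the sample addresses are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
/* Toy SA table with hypothetical names; this is not the kernel's xfrm code. */
struct sa { uint32_t saddr, daddr, spi; uint8_t proto; int used; };
#define SAD_SIZE 8
struct sad { struct sa slot[SAD_SIZE]; int use_saddr; /* 1: saddr is part of the key */ };

/* Constructed sample addresses from the RFC 5737 documentation ranges. */
#define PEER_A 0xC0000201u /* 192.0.2.1 */
#define PEER_B 0xC6336402u /* 198.51.100.2 */
#define LOCAL  0xCB007101u /* 203.0.113.1 */
#define PROTO_ESP 50

/* Find the state matching key k under the table's key definition. */
static struct sa *sad_lookup(struct sad *t, const struct sa *k)
{
    for (int i = 0; i < SAD_SIZE; i++) {
        struct sa *s = &t->slot[i];
        if (s->used && s->daddr == k->daddr && s->spi == k->spi &&
            s->proto == k->proto && (!t->use_saddr || s->saddr == k->saddr))
            return s;
    }
    return NULL;
}

/* Returns 0 on success, -1 if the key is already taken, -2 if the table is full. */
static int sad_insert(struct sad *t, struct sa k)
{
    if (sad_lookup(t, &k))
        return -1;
    k.used = 1;
    for (int i = 0; i < SAD_SIZE; i++)
        if (!t->slot[i].used) { t->slot[i] = k; return 0; }
    return -2;
}

/* Install the same SPI for two peers; return the result of the second insert. */
static int second_peer_result(int use_saddr)
{
    struct sad t = { .use_saddr = use_saddr };
    sad_insert(&t, (struct sa){ PEER_A, LOCAL, 0x1000, PROTO_ESP, 0 });
    return sad_insert(&t, (struct sa){ PEER_B, LOCAL, 0x1000, PROTO_ESP, 0 });
}

int main(void)
{
    printf("daddr-only key: %d, with saddr: %d\n", second_peer_result(0), second_peer_result(1));
    return 0;
}
```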