Re: _decode_session6 not setting fl->proto

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

One other thing. The setkey command supports specifying the type and code when inserting a security policy for ICMP or ICMPv6. However, it does not appear that __xfrm[46]_selector_match nor _decode_session[46] handle ICMP or ICMPv6. Shouldn't fl->fl_icmp_type and fl->fl_icmp_code also be set in _decode_session[456] when the header is an ICMP or ICMPv6 packet?

__xfrm[46]_selector_match will also need to be modified so that they properly handle ICMP and ICMPv6 types and codes.

Brian Buesker

Mika Penttilä wrote:



Brian Buesker wrote:

In 2.6.0-test8 (and older versions), is there a reason why _decode_session6 does not set fl->proto at all? I tried to find


Because it is a bug :)

another place where it might be getting set, but I did not see any instance of this? The equivalent IPv4 function (_decode_session4) does set fl->proto to iph->protocol at the end of the function? Shouldn't the protocol get set so that inbound packets can be correctly checked against the entries in the SPD?



--Mika


-
: send the line "unsubscribe linux-net" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html



-
: send the line "unsubscribe linux-net" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[Index of Archives]     [Netdev]     [Ethernet Bridging]     [Linux 802.1Q VLAN]     [Linux Wireless]     [Kernel Newbies]     [Security]     [Linux for Hams]     [Netfilter]     [Git]     [Bugtraq]     [Yosemite News and Information]     [MIPS Linux]     [ARM Linux]     [Linux RAID]     [Linux PCI]     [Linux Admin]     [Samba]

  Powered by Linux