Hi,

On Thu, 2005-08-04 at 12:56, Ulrich Weber wrote:
> thanks for revising Patrick! Attached is the updated patch.
> Sorry had no time yet to remove the sysctl variables.
> It will follow in a few weeks if I have more time :)

  Ulrich, I already have some code which supports per-state difference
settings, along with optional time limits. I don't know whether or not
the latter would be necessary, but putting the per-state diff
values would be trivial. I'll send a patch in a couple of days if I find
the time to hack it together.

  Some questions below:

> diff -Nru linux-2.6.13-rc3.org/include/net/xfrm.h 
> linux-2.6.13-rc3/include/net/xfrm.h
> --- linux-2.6.13-rc3.org/include/net/xfrm.h   2005-07-18 10:24:11.000000000 
> +0200
> +++ linux-2.6.13-rc3/include/net/xfrm.h       2005-08-04 12:28:36.000000000 
> +0200
> @@ -134,6 +134,9 @@
>       /* State for replay detection */
>       struct xfrm_replay_state replay;
>  
> +     /* Replay detection state at the time we sent the last notification */
> +     struct xfrm_replay_state preplay;
> +
>       /* Statistics */
>       struct xfrm_stats       stats;
>  
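
Review bot: the comment on `preplay` in this hunk does not say what the field holds before the first notification has been sent. Suggest extending the comment to state the initial value and that it is a snapshot of `replay`, and consider a more descriptive name, since `preplay` differs from `replay` by one letter and is easy to misread.
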
> @@ -301,6 +304,10 @@
>       struct xfrm_tmpl        xfrm_vec[XFRM_MAX_DEPTH];
>  };
>  
> +/* which seqno */
> +#define XFRM_REPLAY_INBOUND  1
> +#define XFRM_REPLAY_OUTBOUND 2
> +
>  #define XFRM_KM_TIMEOUT              30
>  
>  struct xfrm_mgr
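
Review bot: the `/* which seqno */` comment above XFRM_REPLAY_INBOUND and XFRM_REPLAY_OUTBOUND does not say where these values are passed or whether they may be combined. With values 1 and 2 they read as bit flags; if they are mutually exclusive selectors, say so in the comment, and if both may be set at once, document that instead.
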
> @@ -312,6 +319,7 @@
>       struct xfrm_policy      *(*compile_policy)(u16 family, int opt, u8 
> *data, int len, int *dir);
>       int                     (*new_mapping)(struct xfrm_state *x, 
> xfrm_address_t *ipaddr, u16 sport);
>       int                     (*notify_policy)(struct xfrm_policy *x, int 
> dir, struct km_event *c);
> +     int                     (*notify_seq)(struct xfrm_state *x, u32 pid, 
> u32 seq);
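
Review bot: the new `notify_seq` member takes `u32 pid, u32 seq` with no comment, and in a callback about replay sequence numbers the name `seq` is ambiguous: the declaration does not show whether it is a replay counter or a message sequence number belonging to `pid`. Add a comment describing both parameters and the meaning of the return value.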

  Why do you need the pid and seq argument here? The sequence number is
redundant information anyway. In turn, you don't seem to pass the event
in to the notify_seq() callback, which could be handy in some cases. So
IMHO something like

  notify_seq(struct xfrm_state *x, int event)

would be more general.

> --- linux-2.6.13-rc3.org/net/key/af_key.c     2005-07-18 10:49:41.000000000 
> +0200
> +++ linux-2.6.13-rc3/net/key/af_key.c 2005-07-19 10:10:22.000000000 +0200
> @@ -2860,6 +2860,12 @@
>       return pfkey_broadcast(skb, GFP_ATOMIC, BROADCAST_REGISTERED, NULL);
>  }
>  
> +static int pfkey_send_replay_notify(struct xfrm_state *x, u32 pid, u32 seq)
> +{
> +     /* FIXME: To be done*/
> +     return 0;
> +}
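
Review bot: `pfkey_send_replay_notify()` is a stub that returns 0, so a caller cannot tell that no notification was sent. Until the FIXME is resolved, return a negative errno (for example -EOPNOTSUPP) or do not register the function, and have the FIXME comment say what is still missing.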

  I also have a PF_KEY implementation of these features, but since we
have to define new message types to support all the features this is a
hard thing... (And consequently the code is more of a hack than a correct
implementation.)

-- 
 Regards,
  Krisztian Kovacs
