This doesn't look right since kzalloc would already have zeroed the
structure out. Are you sure you are getting garbage in the acquire
from the kernel? If you are, I strongly doubt that this would be the
one causing it (unless kzalloc on this arch misbehaved).
Or is this a racoon bug?

> -----Original Message-----
> From: Joy Latten [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, September 19, 2006 4:17 PM
> To: netdev@vger.kernel.org; redhat-lspp@redhat.com;
> [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
> Subject: [redhat-lspp] ipsec acquire has security context 
> although I am
> not using it.
> 
> 
> 
> When using ipsec while selinux is enabled in my kernel, 
> my racoon daemon fails to establish an SA. I believe the
> ACQUIRE sent from kernel has a security context although I 
> am not using this feature with ipsec. As a result, racoon
> fails to establish the SA, because it is looking for a policy
> with security context. I noticed the security context 
> contains garbage. 
> 
> I am using a pseries, power5, ppc64 box, and it appears
> that since policy->security structure is not really initialized
> or zero'd out when not using, it is possible it may contain garbage
> on my pseries and a call such as "if (policy->security)" may 
> come back as true such that security context is included in
> my acquire message although I believe it should not be. 
> 
> Hopefully, the below patch is acceptable. I have compiled and
> tested it.
> 
> Regards,
> Joy Latten
> 
> 
> diff -urpN linux-2.6.17.orig/net/xfrm/xfrm_policy.c 
> linux-2.6.17.patch/net/xfrm/xfrm_policy.c
> --- linux-2.6.17.orig/net/xfrm/xfrm_policy.c  2006-09-19 
> 02:11:33.000000000 -0500
> +++ linux-2.6.17.patch/net/xfrm/xfrm_policy.c 2006-09-19 
> 04:33:50.000000000 -0500
> @@ -319,6 +319,7 @@ struct xfrm_policy *xfrm_policy_alloc(gf
>               init_timer(&policy->timer);
>               policy->timer.data = (unsigned long)policy;
>               policy->timer.function = xfrm_policy_timer;
> +             policy->security = NULL;
>       }
>       return policy;
>  }
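
Review bot: the added `policy->security = NULL;` after the timer setup in xfrm_policy_alloc() only has an effect if the allocation above it does not zero the structure, and that allocation call is outside this hunk's context lines. The reply says the structure comes from kzalloc; if so, the assignment is redundant and cannot explain the garbage context seen in the ACQUIRE. Please quote the allocation line in the changelog, and if it does zero the memory, drop this line and trace where policy->security is set to a non-NULL value on the acquire path. The posting also carries no Signed-off-by line.
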
> 