Hi Xin,

> To fix this duplicated policies issue, and also fix the issue in
> commit ed17b8d377ea ("xfrm: fix a warning in xfrm_policy_insert_list"),
> when doing add/del/get/update on user interfaces, this patch is to change
> to look up a policy with both mark and mask by doing:
>
>   mark.v == pol->mark.v && mark.m == pol->mark.m

Looks good, thanks a lot for your work on this. All tests in our
regression test suite complete successfully with this patch applied.

Tested-by: Tobias Brunner <tob...@strongswan.org>

> and leave the check:
>
>   ((mark.v & mark.m) & pol->mark.m) == pol->mark.v.
>
> for tx/rx path only.

If you are referring to the check in xfrm_policy_match() it's actually:

  (fl->flowi_mark & pol->mark.m) != pol->mark.v

Or more generically something like:

  (mark & pol->mark.m) == pol->mark.v

As we only have the mark on the packets/flow (no mask) to match against.

> -static bool xfrm_policy_mark_match(struct xfrm_policy *policy, > +static bool xfrm_policy_mark_match(const struct xfrm_mark *mark, > struct xfrm_policy *pol) > { > - if (policy->mark.v == pol->mark.v && > - policy->priority == pol->priority) > - return true; > - > - return false; > + return mark->v == pol->mark.v && mark->m == pol->mark.m; > }

I guess you could make that function `static inline`.

Regards,
Tobias
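
Review bot: the priority comparison in the removed lines (`policy->priority == pol->priority`) has no replacement in the new body of xfrm_policy_mark_match(), so any caller that relied on it to tell same-mark policies apart needs that check restated at the call site; the callers are not in this hunk, so please confirm that. Separately, `pol` is only read here and could be `const struct xfrm_policy *pol` to match the new `const struct xfrm_mark *mark`. A one-line comment stating that this is the exact value-and-mask comparison for add/del/get/update lookups, as opposed to the masked check kept for the tx/rx path, would keep the two from being mixed up later.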
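
The difference between the comparisons discussed in this thread, as an added example that is not part of the original message or of the kernel source: `struct mark`, `struct policy`, `lookup()` and the two-entry table are userspace stand-ins constructed for illustration. It shows a lookup for mark 0x1/0xff selecting a different policy under the masked check than under the exact value-and-mask check.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Userspace stand-ins for illustration; not the kernel definitions. */
struct mark { uint32_t v, m; };
struct policy { const char *name; struct mark mark; };
/* Constructed sample table: a catch-all policy listed before a marked one. */
static const struct policy table[] = {
    { "any",    { 0x0, 0x0  } },
    { "marked", { 0x1, 0xff } },
};

/* Lookup comparison from the patch: value and mask must both be equal. */
static int mark_exact(const struct mark *mk, const struct policy *pol)
{
    return mk->v == pol->mark.v && mk->m == pol->mark.m;
}

/* The masked check quoted in the commit message. */
static int mark_masked(const struct mark *mk, const struct policy *pol)
{
    return ((mk->v & mk->m) & pol->mark.m) == pol->mark.v;
}

/* Generic packet-path form from the reply: a flow has a mark but no mask. */
static int flow_match(uint32_t flow_mark, const struct policy *pol)
{
    return (flow_mark & pol->mark.m) == pol->mark.v;
}

/* Return the index of the first policy accepted by match(), or -1. */
static int lookup(const struct mark *mk,
                  int (*match)(const struct mark *, const struct policy *))
{
    for (size_t i = 0; i < sizeof(table) / sizeof(table[0]); i++)
        if (match(mk, &table[i]))
            return (int)i;
    return -1;
}

int main(void)
{
    struct mark want = { 0x1, 0xff };
    printf("masked lookup -> %s\n", table[lookup(&want, mark_masked)].name);
    printf("exact lookup  -> %s\n", table[lookup(&want, mark_exact)].name);
    printf("flow 0x101 hits marked: %d\n", flow_match(0x101, &table[1]));
    return 0;
}
```

With the masked check the zero-mask policy accepts any requested mark, so the lookup stops at it; the exact comparison only accepts the entry whose value and mask are both identical.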