On Wed, May 02, 2018 at 01:41:36PM +0100, Dmitry Safonov wrote:
>
> But still it's possible to create ipsec with zero SPI.
> And it seems not making sense to search for a state with SPI hash if
> request has zero SPI.
Fair enough. In fact a zero SPI is legal and defined for IPcomp.
The bug arose
On Wed, 2018-05-02 at 17:11 +0800, Herbert Xu wrote:
> On Wed, May 02, 2018 at 03:02:20AM +0100, Dmitry Safonov wrote:
> > It seems to be a valid use case to add xfrm state without
> > Security Parameter Indexes (SPI) value associated:
> > ip xfrm state add src $src dst $dst proto $proto mode $mode
On Wed, May 02, 2018 at 03:02:20AM +0100, Dmitry Safonov wrote:
> It seems to be a valid use case to add xfrm state without
> Security Parameter Indexes (SPI) value associated:
> ip xfrm state add src $src dst $dst proto $proto mode $mode sel src $src dst
> $dst $algo
>
> The bad thing is that it
It seems to be a valid use case to add xfrm state without
Security Parameter Indexes (SPI) value associated:
ip xfrm state add src $src dst $dst proto $proto mode $mode sel src $src dst
$dst $algo
The bad thing is that it's currently impossible to get/delete the state
without SPI: __xfrm_state_in
