Hi Xin,
> For 'new/update/del', we should do an exact match with
> "mark.v == pol->mark.v && mark.m == pol->mark.m", as these are MSGs to
> manage the policies, every policy should be able to be matched.
Agreed, using an exact match for mark/mask would probably make the most
sense here.
> But fo
On Thu, Jun 11, 2020 at 12:32 AM Xin Long wrote:
>
> On Tue, Jun 9, 2020 at 10:18 PM Tobias Brunner wrote:
> >
> > Hi Xin,
> >
> > >> I guess we could workaround this issue in strongSwan by installing
> > >> policies that share the same mark and selector with the same priority,
> > >> so only one
On Tue, Jun 9, 2020 at 10:18 PM Tobias Brunner wrote:
>
> Hi Xin,
>
> >> I guess we could workaround this issue in strongSwan by installing
> >> policies that share the same mark and selector with the same priority,
> >> so only one instance is ever installed in the kernel. But the inability
> >>
Hi Xin,
>> I guess we could workaround this issue in strongSwan by installing
>> policies that share the same mark and selector with the same priority,
>> so only one instance is ever installed in the kernel. But the inability
>> to address the exact policy when querying/deleting still looks like
a, .
On Mon, Jun 8, 2020 at 8:02 PM Tobias Brunner wrote:
>
> Hi Steffen, Xin,
>
> This change could be problematic. Actually, it's not really this one
> but the original one that causes the issue:
> > Fixes: 7cb8a93968e3 ("xfrm: Allow inserting policies with matching mark and
> > different pr
Hi Steffen, Xin,
This change could be problematic. Actually, it's not really this one
but the original one that causes the issue:
> Fixes: 7cb8a93968e3 ("xfrm: Allow inserting policies with matching mark and
> different priorities")
However, because the code in xfrm_policy_mark_match() treated
From: Xin Long
This waring can be triggered simply by:
# ip xfrm policy update src 192.168.1.1/24 dst 192.168.1.2/24 dir in \
priority 1 mark 0 mask 0x10 #[1]
# ip xfrm policy update src 192.168.1.1/24 dst 192.168.1.2/24 dir in \
priority 2 mark 0 mask 0x1 #[2]
# ip xfrm policy
On Mon, May 25, 2020 at 01:53:37PM +0800, Xin Long wrote:
> This waring can be triggered simply by:
>
> # ip xfrm policy update src 192.168.1.1/24 dst 192.168.1.2/24 dir in \
> priority 1 mark 0 mask 0x10 #[1]
> # ip xfrm policy update src 192.168.1.1/24 dst 192.168.1.2/24 dir in \
>
This waring can be triggered simply by:
# ip xfrm policy update src 192.168.1.1/24 dst 192.168.1.2/24 dir in \
priority 1 mark 0 mask 0x10 #[1]
# ip xfrm policy update src 192.168.1.1/24 dst 192.168.1.2/24 dir in \
priority 2 mark 0 mask 0x1 #[2]
# ip xfrm policy update src 192.16
Hello,
syzbot found the following crash on:
HEAD commit:c5ee066333eb ipv6: Consider sk_bound_dev_if when binding a..
git tree: net
console output: https://syzkaller.appspot.com/x/log.txt?x=11e796d740
kernel config: https://syzkaller.appspot.com/x/.config?x=b03c5892bb940c76
dashboa
10 matches
Mail list logo
