[Openswan Users] KLIPS FC3
Jacco de Leeuw
jacco2 at dds.nl
Tue Apr 19 01:15:52 CEST 2005
Paul Wouters wrote:
>> I noticed that kernel-2.6.11-1.14_FC3 is out. It seems
>> to be based on 2.6.11.7 with several other Fedora patches.
>
> No. For one, the ip xfrm state bug is still present in that kernel,
> so i dont think it is based on .7
I don't get it. The SRPM seems to contain 2.6.11.7:
$ rpm -qpl kernel-2.6.11-1.14_FC3.src.rpm | grep bz2
linux-2.6.11.tar.bz2
patch-2.6.11.7.bz2
I downloaded patch-2.6.11.7.bz2 from kernel.org and it is the same.
What xfrm bug are you referring to? I can find only this in the .7 patch
which deals with xfrm state:
diff -Nru a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c
--- a/net/xfrm/xfrm_state.c 2005-04-07 11:58:58 -07:00
+++ b/net/xfrm/xfrm_state.c 2005-04-07 11:58:58 -07:00
@@ -609,7 +609,7 @@
for (i = 0; i < XFRM_DST_HSIZE; i++) {
list_for_each_entry(x, xfrm_state_bydst+i, bydst) {
- if (x->km.seq == seq) {
+ if (x->km.seq == seq && x->km.state == XFRM_STATE_ACQ) {
xfrm_state_hold(x);
return x;
}
Which probably corresponds to this entry in the 2.6.11.7 changelog:
<kaber at trash.net>
[PATCH] : Do not hold state lock while checking size
This patch from Herbert Xu fixes a deadlock with IPsec.
When an ICMP frag. required is sent and the ICMP message
needs the same SA as the packet that caused it the state
will be locked twice.
[IPSEC]: Do not hold state lock while checking size.
This can elicit ICMP message output and thus result in a
deadlock.
Signed-off-by: Herbert Xu <herbert at gondor.apana.org.au>
Signed-off-by: David S. Miller <davem at davemloft.net>
Signed-off-by: Chris Wright <chrisw at osdl.org>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
Which seems to refer to this thread:
http://marc.theaimsgroup.com/?l=linux-netdev&m=111030409923301&w=2
Jacco
--
Jacco de Leeuw mailto:jacco2 at dds.nl
Zaandam, The Netherlands http://www.jacco2.dds.nl
More information about the Users
mailing list