2005-03-10 10:41:13

by Park Lee

[permalink] [raw]
Subject: Re: [Ipsec] Issue on input process of Linux native IPsec

On Fri, 24 Dec 2004 at 16:15, David Dillow wrote:
> xfrm_lookup() is only called for outgoing packets,
> not for received packets. I don't think ping
> replies (ICMP echo replies) will ever have a non-
> NULL sk, as they are not associated with a socket.

But, as we know, The Linux network component creates
two special purpose sockets for use by the AF_INET
protocol family. The tcp socket is used to send resets
when a TCP packet is rejected, since there may be no
local socket corresponding to the packet. The icmp
socket is used to send ICMP messages.

Then, Why did you say that ping replies (ICMP echo
replies) were not associated with a socket?
Is there any difference between the special purpose
socket and the socket you mentioned above?

Thank you.

Best Regards,
Park Lee

__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com


2005-03-10 16:25:41

by David Dillow

[permalink] [raw]
Subject: Re: [Ipsec] Issue on input process of Linux native IPsec

On Thu, 2005-03-10 at 02:37 -0800, Park Lee wrote:
> On Fri, 24 Dec 2004 at 16:15, David Dillow wrote:
> > xfrm_lookup() is only called for outgoing packets,
> > not for received packets. I don't think ping
> > replies (ICMP echo replies) will ever have a non-
> > NULL sk, as they are not associated with a socket.

> Then, Why did you say that ping replies (ICMP echo
> replies) were not associated with a socket?

Because your crashes where caused by blindly assuming the sk would never
be NULL in xfrm_lookup(), and it clearly was. The simple debugging
printk() I suggested you insert with your code would have shown you that
that was the reason for your crashes.

And if I was feeling nice that day, which is possible, since it was
Christmas Eve, I may have even put the printk() in myself and tested.

> Is there any difference between the special purpose
> socket and the socket you mentioned above?

I have no idea. You have the code, and probably as much understanding of
the networking stack as I do. I suggest you use find and grep to track
down the what you are interested in, and how xfrm_lookup() is called in
various situations. Take good notes, especially about avenues of
exploration that come time mind as you chase one code path. It's not
very hard, it's how I learned.
--
Dave Dillow <[email protected]>