> In our lspp kernel, xfrm_policy_lookup() returns -ESRCH to
> flow_cache_lookup() when he is not able to find a policy.
> (as is the case with unlabeled_packets)
> flow_cache_lookup() then processes this as an error.
>
> In the upstream kernel (I have been looking at 2.6.20-rc3-git4),
> xfrm_policy_lookup() returns 0 in this case...
>
> flow_cache_lookup() then treats it as an error in lspp kernel
> and as a success in the 2.6.0-rc3-git4 kernel.org kernel.
>
> I tried the following patch and I was finally able to receive
> unlabeled packets in lspp kernel when a single ipsec policy
> is entered!

Right on the dot. Seems like the bug was introduced when backporting patch 2
from the following patch series (IPSec leak patch) to the lspp kernel:

http://marc.theaimsgroup.com/?l=linux-netdev&m=116041139109839&w=2

Like you mentioned, this is applicable only to the lspp kernel.

>
> Please let me know if this looks ok and I am not
> jumping the gun. This only applies to our lspp kernel
> and was built against lspp62 kernel.
>
> Regards,
> Joy
>
> diff -urpN linux-2.6.18.ppc64.orig/net/xfrm/xfrm_policy.c > linux-2.6.18.ppc64/net/xfrm/xfrm_policy.c > --- linux-2.6.18.ppc64.orig/net/xfrm/xfrm_policy.c 2007-01-11 > 15:56:23.000000000 -0600 > +++ linux-2.6.18.ppc64/net/xfrm/xfrm_policy.c 2007-01-11 > 16:28:10.000000000 -0600 > @@ -609,7 +609,7 @@ static int xfrm_policy_lookup(struct flo > void **objp, atomic_t **obj_refp) > { > struct xfrm_policy *pol; > - int ret = -ESRCH; > + int ret = 0; > > read_lock_bh(&xfrm_policy_lock); > for (pol = xfrm_policy_list[dir]; pol; pol = pol->next) { > @@ -627,6 +627,8 @@ static int xfrm_policy_lookup(struct flo > xfrm_pol_hold(pol); > break; > } > + if (ret == -ESRCH) > + ret = 0; > } > } > read_unlock_bh(&xfrm_policy_lock); > > > >

--
redhat-lspp mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/redhat-lspp
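
Review bot: In the first hunk (@@ -609,7 +609,7), initialising `ret` to 0 makes "no policy matched" return the same value as a successful match, so the caller can no longer tell the two cases apart from the return code and has to rely on what was stored through `objp`. Please add a comment at the declaration stating that 0 with no policy is intended and matches the upstream behaviour described in the report, and say in the changelog that this corrects the lspp backport only.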
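
Review bot: In the second hunk (@@ -627,6 +627,8), the added `if (ret == -ESRCH) ret = 0;` sits inside the `for` loop after the branch that calls `xfrm_pol_hold(pol)` and breaks, so it clears -ESRCH on each iteration that does not break, with nothing explaining why. A one-line comment that -ESRCH at this point means the current policy does not apply and the search should continue would help. It is also worth confirming that any other negative `ret` ends the loop instead of being overwritten by a later iteration, since the visible context does not show that.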
