Re: [PATCH net] xfrm: Clear sk_dst_cache when applying per-socket policy.

On Tue, Oct 24, 2017 at 9:25 PM, Steffen Klassert wrote: > On Tue, Oct 24, 2017 at 09:58:48AM -0700, Jonathan Basseri  wrote: >> On Tue, Oct 24, 2017 at 12:04 AM, Steffen Klassert >> wrote: >> > >> > On Mon, Oct 23, 2017 at 06:18:55PM

Re: [PATCH net] xfrm: Clear sk_dst_cache when applying per-socket policy.

On Tue, Oct 24, 2017 at 09:58:48AM -0700, Jonathan Basseri  wrote: > On Tue, Oct 24, 2017 at 12:04 AM, Steffen Klassert > wrote: > > > > On Mon, Oct 23, 2017 at 06:18:55PM -0700, Jonathan Basseri wrote: > > > If a socket has a valid dst cache, then xfrm_lookup_route

Re: [PATCH net] xfrm: Clear sk_dst_cache when applying per-socket policy.

On Tue, Oct 24, 2017 at 12:04 AM, Steffen Klassert wrote: > > On Mon, Oct 23, 2017 at 06:18:55PM -0700, Jonathan Basseri wrote: > > If a socket has a valid dst cache, then xfrm_lookup_route will get > > skipped. However, the cache is not invalidated when applying

Re: [PATCH net] xfrm: Clear sk_dst_cache when applying per-socket policy.

On Mon, Oct 23, 2017 at 06:18:55PM -0700, Jonathan Basseri wrote: > If a socket has a valid dst cache, then xfrm_lookup_route will get > skipped. However, the cache is not invalidated when applying policy to a > socket (i.e. IPV6_XFRM_POLICY). The result is that new policies are > sometimes

Re: [PATCH net] xfrm: Clear sk_dst_cache when applying per-socket policy.

On Mon, Oct 23, 2017 at 6:18 PM, Jonathan Basseri wrote: > If a socket has a valid dst cache, then xfrm_lookup_route will get > skipped. However, the cache is not invalidated when applying policy to a > socket (i.e. IPV6_XFRM_POLICY). The result is that new policies are >

[PATCH net] xfrm: Clear sk_dst_cache when applying per-socket policy.

If a socket has a valid dst cache, then xfrm_lookup_route will get skipped. However, the cache is not invalidated when applying policy to a socket (i.e. IPV6_XFRM_POLICY). The result is that new policies are sometimes ignored on those sockets. (Note: This was broken for IPv4 and IPv6 at different

Re: [PATCH net] xfrm: Clear sk_dst_cache when applying per-socket policy.

On Wed, 16 Aug 2017 03:43:54 -0700 Eric Dumazet wrote: > On Wed, 2017-08-16 at 11:03 +0200, Jakub Sitnicki wrote: > > On Tue, 15 Aug 2017 15:25:10 -0700 > > Jonathan Basseri wrote: > > > > > If an IPv6 socket has a valid dst cache, then

Re: [PATCH net] xfrm: Clear sk_dst_cache when applying per-socket policy.

On Wed, 2017-08-16 at 11:03 +0200, Jakub Sitnicki wrote: > On Tue, 15 Aug 2017 15:25:10 -0700 > Jonathan Basseri wrote: > > > If an IPv6 socket has a valid dst cache, then xfrm_lookup_route will get > > skipped. However, the cache is not invalidated when applying policy

Re: [PATCH net] xfrm: Clear sk_dst_cache when applying per-socket policy.

On Tue, 15 Aug 2017 15:25:10 -0700 Jonathan Basseri wrote: > If an IPv6 socket has a valid dst cache, then xfrm_lookup_route will get > skipped. However, the cache is not invalidated when applying policy to a > socket (i.e. IPV6_XFRM_POLICY). The result is that new

Re: [PATCH net] xfrm: Clear sk_dst_cache when applying per-socket policy.

On Wed, Aug 16, 2017 at 7:25 AM, Jonathan Basseri wrote: > If an IPv6 socket has a valid dst cache Did you look into why IPv4 does not suffer from this problem? That said, clearing the dst cache entry does seem prudent in general.

[PATCH net] xfrm: Clear sk_dst_cache when applying per-socket policy.

If an IPv6 socket has a valid dst cache, then xfrm_lookup_route will get skipped. However, the cache is not invalidated when applying policy to a socket (i.e. IPV6_XFRM_POLICY). The result is that new policies are sometimes ignored on those sockets. This can be demonstrated like so, 1. Create