Re: linux-ipsec: snapbing.tar.gz

On Tue, 1 Dec 1998, Richard Guy Briggs wrote:
> I suspect that permanent error has been fixed in snapshots of the last
> few days, since I have not been able to recreate the problem...

No, I think Kai's problem is still there, and I think I know where it is. Consider the following, from ah_rcv (with some irrelevant code deleted for brevity and clarity):

	for(i = 0; i < IPSEC_NUM_IF; i++) {
		sprintf(name, "ipsec%d", i);
		if(debug_ah) {
			if((ipsecdev = dev_get(name)) == NULL) {
				printk("klips_error:ah_rcv: device %s does not exist\n", name);
			}
		}
		prv = ipsecdev ? (struct ipsecpriv *)(ipsecdev->priv) : NULL;
		prvdev = prv ? (struct device *)(prv->dev) : NULL;
		if(prvdev && skb->dev && !strcmp(prvdev->name, skb->dev->name)) {
			stats = (struct enet_statistics *) &(prv->mystats);
			skb->dev = ipsecdev;
			stats->rx_packets++;
			break;
		}
	}
	if(!stats) {
		printk("klips_error:ah_rcv: packet received from physical I/F (%s) not connected to ipsec I/F.  Cannot record stats.\n",
		       skb->dev->name);
		printk("klips_error         May not have SA for decoding.  Is IPSEC traffic expected on this I/F?  Check routing.\n");
	}

What happens here if debug_ah is off? The dev_get lookup never gets done, and so ipsecdev stays NULL as initialized, and so prv and prvdev are set to NULL, and so stats never gets set, and so the error message comes out whether it is appropriate or not.

                                                          Henry Spencer
                                                       henry@spsystems.net
                                                     (henry@zoo.toronto.edu)