[Swan-dev] mystery in linux/net/ipsec/ipsec_rcv.c

D. Hugh Redelmeier hugh at mimosa.com
Sat Jun 30 15:27:05 UTC 2018


(This is kernel code so my understanding of it is limited.)

There are two copies of this code fragment:

		if (((struct sockaddr_in6*)(ipsp->ips_addr_s))->sin6_family ==
		    AF_INET6)
			psin6 = (struct sockaddr_in6*)(ipsp->ips_addr_s);
		else if (((struct sockaddr_in*)(ipsp->ips_addr_s))->sin_family
			 == AF_INET6)
			psin = (struct sockaddr_in*)(ipsp->ips_addr_s);

I'm guessing that the second AF_INET6 was intended to be AF_INET.

Evidence:

(1) Why would you test a sockaddr_in (an IPv4 IP address) for AF_INET6?

(2) The two tests are for identical conditions.
  ((struct sockaddr_in6*)(ipsp->ips_addr_s))->sin6_family == AF_INET6
  ((struct sockaddr_in*)(ipsp->ips_addr_s))->sin_family == AF_INET6

So the second IF will only be executed when its condition will be
false.  So the second IF is currently pointless.

Why am I wrong?

If I'm not wrong, why have we not noticed this since it was introduced
by c90c46be434cc0a68a8f5e1b0e88a9d019a9f733 in 2010?

If we fix these two bugs, subsequent code paths will change.  So new
problems might appear.

In particular, the current code (quoted above) seems to think IPv6 is
always being used.  That's not likely.  The following code somehow
survives this blunder.
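
The dead branch described in the message, as an added example that is not part of the original post or of the ipsec_rcv.c source: a userspace C model showing that an IPv4 address matches neither test as quoted, and matches the second test once it compares with AF_INET as the post guesses was intended. The names `pick_as_quoted`, `pick_with_af_inet` and `make_addr` are hypothetical and the addresses are constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <netinet/in.h>

/* The family field sits at the same offset in both structs, so the two
 * casts in the quoted fragment read the same value. */
_Static_assert(offsetof(struct sockaddr_in, sin_family) ==
               offsetof(struct sockaddr_in6, sin6_family),
               "family offsets differ");

/* Returns 6 if psin6 would be set, 4 if psin would be set, 0 if neither.
 * Same shape as the quoted fragment: both tests compare with AF_INET6. */
static int pick_as_quoted(const struct sockaddr *addr)
{
    if (((const struct sockaddr_in6 *)addr)->sin6_family == AF_INET6)
        return 6;
    else if (((const struct sockaddr_in *)addr)->sin_family == AF_INET6)
        return 4;               /* never reached */
    return 0;
}

/* Second test changed to AF_INET (assumption: the post's guessed intent). */
static int pick_with_af_inet(const struct sockaddr *addr)
{
    if (addr->sa_family == AF_INET6)
        return 6;
    else if (addr->sa_family == AF_INET)
        return 4;
    return 0;
}

/* Constructed sample input: zeroed storage tagged with a family. */
static const struct sockaddr *make_addr(struct sockaddr_storage *ss, int family)
{
    memset(ss, 0, sizeof(*ss));
    ss->ss_family = (sa_family_t)family;
    return (const struct sockaddr *)ss;
}

int main(void)
{
    struct sockaddr_storage ss;
    printf("IPv4 as quoted:    %d\n", pick_as_quoted(make_addr(&ss, AF_INET)));
    printf("IPv4 with AF_INET: %d\n", pick_with_af_inet(make_addr(&ss, AF_INET)));
    printf("IPv6 as quoted:    %d\n", pick_as_quoted(make_addr(&ss, AF_INET6)));
    return 0;
}
```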
