Steffen Klassert <steffen.klass...@secunet.com> wrote:
> On Wed, Nov 01, 2017 at 11:06:08PM +0100, Florian Westphal wrote:
> > I also don't understand how address comparison is supposed to work in this case,
> > it seems that if saddr/daddr are v4 and template v6 we compare full ipv6 addresses
> > (how would that succeed...?) and, if saddr/daddr is v6 and template is v4 we just
> > compare the first 32bit of the ipv6 addresses...?
>
> When we do tunnel or beet mode, we pass saddr and daddr from the
> template to xfrm_state_find(), this should be ok. On transport
> mode, we pass the addresses from the flowi, assuming that the
> IP addresses (and address family) don't change during transformation.
> This assumption is wrong in the IPv4 mapped IPv6 case, packet
> is IPv4 and template is IPv6.

Right, sendto() uses ipv4 address on ipv6 socket.

> I'd propose to use the addresses from the template unconditionally,
> like the (untested) patch below does.
>
> Unfortunately the reproducer does not work with my config,
> sendto returns EAGAIN. Could anybody try this patch?

The reproducer no longer causes KASAN spew with your patch, but I don't
have a test case that actually creates/uses a tunnel.