[LTP] lapi/xfrm.h: Include system XFRM header and force kernel IPv6 definition
Martin Doucha
mdoucha@suse.cz
Wed May 27 16:57:40 CEST 2026
On 5/27/26 15:04, linuxtestproject.agent@gmail.com wrote:
> Hi Martin,
>
> On Wed, 27 May 2026, Martin Doucha wrote:
>> [PATCH 1/6] lapi/xfrm.h: Include system XFRM header and force kernel IPv6 definition
>
> The commit subject and the in-code comment contradict what the code actually
> does. #define _UAPI_IPV6_H satisfies the include guard of linux/ipv6.h,
> preventing that header from being pulled in — it does not "force" kernel IPv6
> definitions. Both the subject and comment should be corrected.
>
>> +/* Force use of kernel IPv6 definitions to avoid redefinition errors */
>> +#define _UAPI_IPV6_H
>> +#include <linux/xfrm.h>
The include guard for <linux/ipv6.h> is _IPV6_H so the lapi #define will
not prevent it from being included. It will, however, prevent
redefinition of struct in6_addr in <netinet/in.h> as intended.
The _UAPI_IPV6_H is used in the internal kernel header
"uapi/linux/ipv6.h" which is not used by the test.
> Also needs a commit body explaining what specific redefinition error this
> fixes. linux/ipv6.h contains struct ipv6hdr and friends; the struct in6_addr
> redefinition that typically bites when mixing userspace and kernel IPv6 headers
> comes from linux/in6.h (include guard: _UAPI_LINUX_IN6_H). Please confirm
> that blocking linux/ipv6.h is sufficient and that the real conflict is not
> coming from linux/in6.h, and document the reasoning in the commit message.
The conflict exists only on older systems. The commit message is
sufficient as is.
> --- [PATCH 5/6] xfrm02: Configure xfrm using direct netlink request ---
>
>> - ret = tst_cmd(xfrm_cmd, NULL, NULL, TST_CMD_PASS_RETVAL);
>> - if (ret)
>> - tst_brk(TBROK, "Failed to install xfrm ESP-in-TCP state");
>> + ctx = NETLINK_CREATE_CONTEXT(NETLINK_XFRM);
>
> The patch correctly removes .needs_cmds from xfrm01 after dropping the ip(8)
> call, but the equivalent removal is missing from xfrm02:
>
> .needs_cmds = (struct tst_cmd[]) {
> {.cmd = "ip"},
> {}
> },
>
> ip(8) is no longer invoked; drop .needs_cmds here too.
>
> No linux-git tag for CVE-2026-46300. If a kernel fix commit exists, add one.
>
> --- [PATCH 6/6] xfrm03: Configure xfrm using direct netlink request ---
>
> Same stale .needs_cmds as patch 5/6 — xfrm03 still requires ip(8) in the
> test descriptor even though it is no longer called.
Yes, I forgot to drop .needs_cmds in patch 5 and 6. I can send v2 after
the preceding patches get merged.
--
Martin Doucha mdoucha@suse.cz
SW Quality Engineer
SUSE LINUX, s.r.o.
CORSO IIa
Krizikova 148/34
186 00 Prague 8
Czech Republic
More information about the ltp
mailing list