author | Cedric Schieli <cschieli@gmail.com> | 2010-04-21 08:05:41 +0000 |
---|---|---|
committer | Cedric Schieli <cschieli@gmail.com> | 2010-04-21 08:07:00 +0000 |
commit | f6060f09c7ce9ee321b65b86f583251a94b39eeb (patch) | |
tree | 692c5e737e4ca785408560e9bafce96ad1ceaafd /main/linux-pae/0009-ipsec-Fix-bogus-bundle-flowi.patch | |
parent | 93d401987e9e376a7e402aeb32141114f05f4af7 (diff) | |
main/linux-pae: sync with main/linux-grsec
Diffstat (limited to 'main/linux-pae/0009-ipsec-Fix-bogus-bundle-flowi.patch')
-rw-r--r-- | main/linux-pae/0009-ipsec-Fix-bogus-bundle-flowi.patch | 110 |
1 files changed, 110 insertions, 0 deletions
diff --git a/main/linux-pae/0009-ipsec-Fix-bogus-bundle-flowi.patch b/main/linux-pae/0009-ipsec-Fix-bogus-bundle-flowi.patch
new file mode 100644
index 0000000000..d4de0e1d58
--- /dev/null
+++ b/main/linux-pae/0009-ipsec-Fix-bogus-bundle-flowi.patch
@@ -0,0 +1,110 @@
+From 21ee14f92ef1b6d4ca965c9b59135f3462919631 Mon Sep 17 00:00:00 2001
+From: Herbert Xu <herbert@gondor.apana.org.au>
+Date: Tue, 2 Mar 2010 02:51:56 +0000
+Subject: [PATCH 09/18] ipsec: Fix bogus bundle flowi
+
+When I merged the bundle creation code, I introduced a bogus
+flowi value in the bundle. Instead of getting from the caller,
+it was instead set to the flow in the route object, which is
+totally different.
+
+The end result is that the bundles we created never match, and
+we instead end up with an ever growing bundle list.
+
+Thanks to Jamal for find this problem.
+
+Reported-by: Jamal Hadi Salim <hadi@cyberus.ca>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Acked-by: Steffen Klassert <steffen.klassert@secunet.com>
+Acked-by: Jamal Hadi Salim <hadi@cyberus.ca>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+(cherry picked from commit 87c1e12b5eeb7b30b4b41291bef8e0b41fc3dde9)
+---
+ include/net/xfrm.h | 3 ++-
+ net/ipv4/xfrm4_policy.c | 5 +++--
+ net/ipv6/xfrm6_policy.c | 3 ++-
+ net/xfrm/xfrm_policy.c | 7 ++++---
+ 4 files changed, 11 insertions(+), 7 deletions(-)
+
+diff --git a/include/net/xfrm.h b/include/net/xfrm.h
+index 223e90a..6960be2 100644
+--- a/include/net/xfrm.h
++++ b/include/net/xfrm.h
+@@ -273,7 +273,8 @@ struct xfrm_policy_afinfo {
+ struct dst_entry *dst,
+ int nfheader_len);
+ int (*fill_dst)(struct xfrm_dst *xdst,
+- struct net_device *dev);
++ struct net_device *dev,
++ struct flowi *fl);
+ };
+
+ extern int xfrm_policy_register_afinfo(struct xfrm_policy_afinfo *afinfo);
+diff --git a/net/ipv4/xfrm4_policy.c b/net/ipv4/xfrm4_policy.c
+index 74fb2eb..7009886 100644
+--- a/net/ipv4/xfrm4_policy.c
++++ b/net/ipv4/xfrm4_policy.c
+@@ -92,11 +92,12 @@ static int xfrm4_init_path(struct xfrm_dst *path, struct dst_entry *dst,
+ return 0;
+ }
+
+-static int xfrm4_fill_dst(struct xfrm_dst *xdst, struct net_device *dev)
++static int xfrm4_fill_dst(struct xfrm_dst *xdst, struct net_device *dev,
++ struct flowi *fl)
+ {
+ struct rtable *rt = (struct rtable *)xdst->route;
+
+- xdst->u.rt.fl = rt->fl;
++ xdst->u.rt.fl = *fl;
+
+ xdst->u.dst.dev = dev;
+ dev_hold(dev);
+diff --git a/net/ipv6/xfrm6_policy.c b/net/ipv6/xfrm6_policy.c
+index 8ec3d45..3f89ab7 100644
+--- a/net/ipv6/xfrm6_policy.c
++++ b/net/ipv6/xfrm6_policy.c
+@@ -117,7 +117,8 @@ static int xfrm6_init_path(struct xfrm_dst *path, struct dst_entry *dst,
+ return 0;
+ }
+
+-static int xfrm6_fill_dst(struct xfrm_dst *xdst, struct net_device *dev)
++static int xfrm6_fill_dst(struct xfrm_dst *xdst, struct net_device *dev,
++ struct flowi *fl)
+ {
+ struct rt6_info *rt = (struct rt6_info*)xdst->route;
+
+diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
+index cb81ca3..d75047c 100644
+--- a/net/xfrm/xfrm_policy.c
++++ b/net/xfrm/xfrm_policy.c
+@@ -1341,7 +1341,8 @@ static inline int xfrm_init_path(struct xfrm_dst *path, struct dst_entry *dst,
+ return err;
+ }
+
+-static inline int xfrm_fill_dst(struct xfrm_dst *xdst, struct net_device *dev)
++static inline int xfrm_fill_dst(struct xfrm_dst *xdst, struct net_device *dev,
++ struct flowi *fl)
+ {
+ struct xfrm_policy_afinfo *afinfo =
+ xfrm_policy_get_afinfo(xdst->u.dst.ops->family);
+@@ -1350,7 +1351,7 @@ static inline int xfrm_fill_dst(struct xfrm_dst *xdst, struct net_device *dev)
+ if (!afinfo)
+ return -EINVAL;
+
+- err = afinfo->fill_dst(xdst, dev);
++ err = afinfo->fill_dst(xdst, dev, fl);
+
+ xfrm_policy_put_afinfo(afinfo);
+
+@@ -1454,7 +1455,7 @@ static struct dst_entry *xfrm_bundle_create(struct xfrm_policy *policy,
+ for (dst_prev = dst0; dst_prev != dst; dst_prev = dst_prev->child) {
+ struct xfrm_dst *xdst = (struct xfrm_dst *)dst_prev;
+
+- err = xfrm_fill_dst(xdst, dev);
++ err = xfrm_fill_dst(xdst, dev, fl);
+ if (err)
+ goto free_dst;
+
+--
+1.7.0.2
+
|
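Review bot: The `fill_dst` callback in include/net/xfrm.h gains a `struct flowi *fl` argument with no comment saying which flow it has to be, although the patch description makes that the whole fix: it must be the caller's flow rather than the one in the route object, otherwise bundles never match and the bundle list keeps growing. I would add above the callback declaration `/* fl: the caller's flow, not the route's; bundles carrying the wrong flow never match */`. In xfrm6_fill_dst the new parameter is accepted but no visible line uses it, whereas xfrm4_fill_dst copies `*fl` into `xdst->u.rt.fl`. That function's body continues outside the hunk, so if the IPv6 side really ignores `fl` on purpose, a one-line comment saying so would spare the next reader the check.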