authorCedric Schieli <cschieli@gmail.com>2010-04-21 08:05:41 +0000
committerCedric Schieli <cschieli@gmail.com>2010-04-21 08:07:00 +0000
commitf6060f09c7ce9ee321b65b86f583251a94b39eeb (patch)
tree692c5e737e4ca785408560e9bafce96ad1ceaafd /main/linux-pae/0009-ipsec-Fix-bogus-bundle-flowi.patch
parent93d401987e9e376a7e402aeb32141114f05f4af7 (diff)
main/linux-pae: sync with main/linux-grsec
Diffstat (limited to 'main/linux-pae/0009-ipsec-Fix-bogus-bundle-flowi.patch')
-rw-r--r--main/linux-pae/0009-ipsec-Fix-bogus-bundle-flowi.patch110
1 files changed, 110 insertions, 0 deletions
diff --git a/main/linux-pae/0009-ipsec-Fix-bogus-bundle-flowi.patch b/main/linux-pae/0009-ipsec-Fix-bogus-bundle-flowi.patch
new file mode 100644
index 0000000000..d4de0e1d58
--- /dev/null
+++ b/main/linux-pae/0009-ipsec-Fix-bogus-bundle-flowi.patch
@@ -0,0 +1,110 @@
+From 21ee14f92ef1b6d4ca965c9b59135f3462919631 Mon Sep 17 00:00:00 2001
+From: Herbert Xu <herbert@gondor.apana.org.au>
+Date: Tue, 2 Mar 2010 02:51:56 +0000
+Subject: [PATCH 09/18] ipsec: Fix bogus bundle flowi
+
+When I merged the bundle creation code, I introduced a bogus
+flowi value in the bundle. Instead of getting from the caller,
+it was instead set to the flow in the route object, which is
+totally different.
+
+The end result is that the bundles we created never match, and
+we instead end up with an ever growing bundle list.
+
+Thanks to Jamal for find this problem.
+
+Reported-by: Jamal Hadi Salim <hadi@cyberus.ca>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Acked-by: Steffen Klassert <steffen.klassert@secunet.com>
+Acked-by: Jamal Hadi Salim <hadi@cyberus.ca>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+(cherry picked from commit 87c1e12b5eeb7b30b4b41291bef8e0b41fc3dde9)
+---
+ include/net/xfrm.h | 3 ++-
+ net/ipv4/xfrm4_policy.c | 5 +++--
+ net/ipv6/xfrm6_policy.c | 3 ++-
+ net/xfrm/xfrm_policy.c | 7 ++++---
+ 4 files changed, 11 insertions(+), 7 deletions(-)
+
+diff --git a/include/net/xfrm.h b/include/net/xfrm.h
+index 223e90a..6960be2 100644
+--- a/include/net/xfrm.h
++++ b/include/net/xfrm.h
+@@ -273,7 +273,8 @@ struct xfrm_policy_afinfo {
+ struct dst_entry *dst,
+ int nfheader_len);
+ int (*fill_dst)(struct xfrm_dst *xdst,
+- struct net_device *dev);
++ struct net_device *dev,
++ struct flowi *fl);
+ };
+
+ extern int xfrm_policy_register_afinfo(struct xfrm_policy_afinfo *afinfo);
+diff --git a/net/ipv4/xfrm4_policy.c b/net/ipv4/xfrm4_policy.c
+index 74fb2eb..7009886 100644
+--- a/net/ipv4/xfrm4_policy.c
++++ b/net/ipv4/xfrm4_policy.c
+@@ -92,11 +92,12 @@ static int xfrm4_init_path(struct xfrm_dst *path, struct dst_entry *dst,
+ return 0;
+ }
+
+-static int xfrm4_fill_dst(struct xfrm_dst *xdst, struct net_device *dev)
++static int xfrm4_fill_dst(struct xfrm_dst *xdst, struct net_device *dev,
++ struct flowi *fl)
+ {
+ struct rtable *rt = (struct rtable *)xdst->route;
+
+- xdst->u.rt.fl = rt->fl;
++ xdst->u.rt.fl = *fl;
+
+ xdst->u.dst.dev = dev;
+ dev_hold(dev);
+diff --git a/net/ipv6/xfrm6_policy.c b/net/ipv6/xfrm6_policy.c
+index 8ec3d45..3f89ab7 100644
+--- a/net/ipv6/xfrm6_policy.c
++++ b/net/ipv6/xfrm6_policy.c
+@@ -117,7 +117,8 @@ static int xfrm6_init_path(struct xfrm_dst *path, struct dst_entry *dst,
+ return 0;
+ }
+
+-static int xfrm6_fill_dst(struct xfrm_dst *xdst, struct net_device *dev)
++static int xfrm6_fill_dst(struct xfrm_dst *xdst, struct net_device *dev,
++ struct flowi *fl)
+ {
+ struct rt6_info *rt = (struct rt6_info*)xdst->route;
+
+diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
+index cb81ca3..d75047c 100644
+--- a/net/xfrm/xfrm_policy.c
++++ b/net/xfrm/xfrm_policy.c
+@@ -1341,7 +1341,8 @@ static inline int xfrm_init_path(struct xfrm_dst *path, struct dst_entry *dst,
+ return err;
+ }
+
+-static inline int xfrm_fill_dst(struct xfrm_dst *xdst, struct net_device *dev)
++static inline int xfrm_fill_dst(struct xfrm_dst *xdst, struct net_device *dev,
++ struct flowi *fl)
+ {
+ struct xfrm_policy_afinfo *afinfo =
+ xfrm_policy_get_afinfo(xdst->u.dst.ops->family);
+@@ -1350,7 +1351,7 @@ static inline int xfrm_fill_dst(struct xfrm_dst *xdst, struct net_device *dev)
+ if (!afinfo)
+ return -EINVAL;
+
+- err = afinfo->fill_dst(xdst, dev);
++ err = afinfo->fill_dst(xdst, dev, fl);
+
+ xfrm_policy_put_afinfo(afinfo);
+
+@@ -1454,7 +1455,7 @@ static struct dst_entry *xfrm_bundle_create(struct xfrm_policy *policy,
+ for (dst_prev = dst0; dst_prev != dst; dst_prev = dst_prev->child) {
+ struct xfrm_dst *xdst = (struct xfrm_dst *)dst_prev;
+
+- err = xfrm_fill_dst(xdst, dev);
++ err = xfrm_fill_dst(xdst, dev, fl);
+ if (err)
+ goto free_dst;
+
+--
+1.7.0.2
+
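Review bot: In the `net/ipv6/xfrm6_policy.c` part of the added patch, `xfrm6_fill_dst` gains a `struct flowi *fl` parameter that none of the visible lines use, and the embedded diffstat (`3 ++-` for that file) suggests only the signature changed. If that is intentional, a one-line comment such as `/* fl is not stored on the IPv6 path; accepted only to match afinfo->fill_dst */` would keep a later reader from assuming the IPv6 bundle records the caller's flow the way `xdst->u.rt.fl = *fl;` does for IPv4. That IPv4 assignment copies through `fl` with no NULL guard, so it relies on `xfrm_bundle_create` always being handed a valid flow; its callers are outside this hunk, so that is worth confirming rather than assuming. Since `fill_dst` only reads the flow, declaring it `const struct flowi *fl` in the `xfrm_policy_afinfo` prototype and the three implementations would state that contract. The bodies of all three `*_fill_dst` functions continue outside the embedded hunks.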