aboutsummaryrefslogtreecommitdiffstats
path: root/testing/linux-grsec/0005-xfrm-SP-lookups-with-mark.patch
diff options
context:
space:
mode:
Diffstat (limited to 'testing/linux-grsec/0005-xfrm-SP-lookups-with-mark.patch')
-rw-r--r--testing/linux-grsec/0005-xfrm-SP-lookups-with-mark.patch81
1 files changed, 0 insertions, 81 deletions
diff --git a/testing/linux-grsec/0005-xfrm-SP-lookups-with-mark.patch b/testing/linux-grsec/0005-xfrm-SP-lookups-with-mark.patch
deleted file mode 100644
index 9793ba245b..0000000000
--- a/testing/linux-grsec/0005-xfrm-SP-lookups-with-mark.patch
+++ /dev/null
@@ -1,81 +0,0 @@
-From 57fbea87dccb6eee5c5b588c518fd4b265496016 Mon Sep 17 00:00:00 2001
-From: Jamal Hadi Salim <hadi@cyberus.ca>
-Date: Mon, 22 Feb 2010 11:32:58 +0000
-Subject: [PATCH 5/7] xfrm: SP lookups with mark
-
-Allow mark to be used when doing SP lookup
-
-Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca>
-Signed-off-by: David S. Miller <davem@davemloft.net>
----
- net/xfrm/xfrm_policy.c | 12 +++++++++++-
- 1 files changed, 11 insertions(+), 1 deletions(-)
-
-diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
-index 8376d55..3de990f 100644
---- a/net/xfrm/xfrm_policy.c
-+++ b/net/xfrm/xfrm_policy.c
-@@ -556,6 +556,7 @@ int xfrm_policy_insert(int dir, struct xfrm_policy *policy, int excl)
- struct hlist_head *chain;
- struct hlist_node *entry, *newpos;
- struct dst_entry *gc_list;
-+ u32 mark = policy->mark.v & policy->mark.m;
-
- write_lock_bh(&xfrm_policy_lock);
- chain = policy_hash_bysel(net, &policy->selector, policy->family, dir);
-@@ -564,6 +565,7 @@ int xfrm_policy_insert(int dir, struct xfrm_policy *policy, int excl)
- hlist_for_each_entry(pol, entry, chain, bydst) {
- if (pol->type == policy->type &&
- !selector_cmp(&pol->selector, &policy->selector) &&
-+ (mark & pol->mark.m) == pol->mark.v &&
- xfrm_sec_ctx_match(pol->security, policy->security) &&
- !WARN_ON(delpol)) {
- if (excl) {
-@@ -650,6 +652,7 @@ struct xfrm_policy *xfrm_policy_bysel_ctx(struct net *net, u32 mark, u8 type,
- ret = NULL;
- hlist_for_each_entry(pol, entry, chain, bydst) {
- if (pol->type == type &&
-+ (mark & pol->mark.m) == pol->mark.v &&
- !selector_cmp(sel, &pol->selector) &&
- xfrm_sec_ctx_match(ctx, pol->security)) {
- xfrm_pol_hold(pol);
-@@ -692,7 +695,8 @@ struct xfrm_policy *xfrm_policy_byid(struct net *net, u32 mark, u8 type,
- chain = net->xfrm.policy_byidx + idx_hash(net, id);
- ret = NULL;
- hlist_for_each_entry(pol, entry, chain, byidx) {
-- if (pol->type == type && pol->index == id) {
-+ if (pol->type == type && pol->index == id &&
-+ (mark & pol->mark.m) == pol->mark.v) {
- xfrm_pol_hold(pol);
- if (delete) {
- *err = security_xfrm_policy_delete(
-@@ -909,6 +913,7 @@ static int xfrm_policy_match(struct xfrm_policy *pol, struct flowi *fl,
- int match, ret = -ESRCH;
-
- if (pol->family != family ||
-+ (fl->mark & pol->mark.m) != pol->mark.v ||
- pol->type != type)
- return ret;
-
-@@ -1033,6 +1038,10 @@ static struct xfrm_policy *xfrm_sk_policy_lookup(struct sock *sk, int dir, struc
- int err = 0;
-
- if (match) {
-+ if ((sk->sk_mark & pol->mark.m) != pol->mark.v) {
-+ pol = NULL;
-+ goto out;
-+ }
- err = security_xfrm_policy_lookup(pol->security,
- fl->secid,
- policy_to_flow_dir(dir));
-@@ -1045,6 +1054,7 @@ static struct xfrm_policy *xfrm_sk_policy_lookup(struct sock *sk, int dir, struc
- } else
- pol = NULL;
- }
-+out:
- read_unlock_bh(&xfrm_policy_lock);
- return pol;
- }
---
-1.6.3.3
-