Diffstat (limited to 'main/linux-grsec/0009-ipsec-Fix-bogus-bundle-flowi.patch')
-rw-r--r-- | main/linux-grsec/0009-ipsec-Fix-bogus-bundle-flowi.patch | 110 |
1 files changed, 0 insertions, 110 deletions
diff --git a/main/linux-grsec/0009-ipsec-Fix-bogus-bundle-flowi.patch b/main/linux-grsec/0009-ipsec-Fix-bogus-bundle-flowi.patch
deleted file mode 100644
index d4de0e1d5..000000000
--- a/main/linux-grsec/0009-ipsec-Fix-bogus-bundle-flowi.patch
+++ /dev/null
@@ -1,110 +0,0 @@
-From 21ee14f92ef1b6d4ca965c9b59135f3462919631 Mon Sep 17 00:00:00 2001
-From: Herbert Xu <herbert@gondor.apana.org.au>
-Date: Tue, 2 Mar 2010 02:51:56 +0000
-Subject: [PATCH 09/18] ipsec: Fix bogus bundle flowi
-
-When I merged the bundle creation code, I introduced a bogus
-flowi value in the bundle. Instead of getting from the caller,
-it was instead set to the flow in the route object, which is
-totally different.
-
-The end result is that the bundles we created never match, and
-we instead end up with an ever growing bundle list.
-
-Thanks to Jamal for find this problem.
-
-Reported-by: Jamal Hadi Salim <hadi@cyberus.ca>
-Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-Acked-by: Steffen Klassert <steffen.klassert@secunet.com>
-Acked-by: Jamal Hadi Salim <hadi@cyberus.ca>
-Signed-off-by: David S. Miller <davem@davemloft.net>
-(cherry picked from commit 87c1e12b5eeb7b30b4b41291bef8e0b41fc3dde9)
----
- include/net/xfrm.h | 3 ++-
- net/ipv4/xfrm4_policy.c | 5 +++--
- net/ipv6/xfrm6_policy.c | 3 ++-
- net/xfrm/xfrm_policy.c | 7 ++++---
- 4 files changed, 11 insertions(+), 7 deletions(-)
-
-diff --git a/include/net/xfrm.h b/include/net/xfrm.h
-index 223e90a..6960be2 100644
---- a/include/net/xfrm.h
-+++ b/include/net/xfrm.h
-@@ -273,7 +273,8 @@ struct xfrm_policy_afinfo {
- struct dst_entry *dst,
- int nfheader_len);
- int (*fill_dst)(struct xfrm_dst *xdst,
-- struct net_device *dev);
-+ struct net_device *dev,
-+ struct flowi *fl);
- };
-
- extern int xfrm_policy_register_afinfo(struct xfrm_policy_afinfo *afinfo);
-diff --git a/net/ipv4/xfrm4_policy.c b/net/ipv4/xfrm4_policy.c
-index 74fb2eb..7009886 100644
---- a/net/ipv4/xfrm4_policy.c
-+++ b/net/ipv4/xfrm4_policy.c
-@@ -92,11 +92,12 @@ static int xfrm4_init_path(struct xfrm_dst *path, struct dst_entry *dst,
- return 0;
- }
-
--static int xfrm4_fill_dst(struct xfrm_dst *xdst, struct net_device *dev)
-+static int xfrm4_fill_dst(struct xfrm_dst *xdst, struct net_device *dev,
-+ struct flowi *fl)
- {
- struct rtable *rt = (struct rtable *)xdst->route;
-
-- xdst->u.rt.fl = rt->fl;
-+ xdst->u.rt.fl = *fl;
-
- xdst->u.dst.dev = dev;
- dev_hold(dev);
-diff --git a/net/ipv6/xfrm6_policy.c b/net/ipv6/xfrm6_policy.c
-index 8ec3d45..3f89ab7 100644
---- a/net/ipv6/xfrm6_policy.c
-+++ b/net/ipv6/xfrm6_policy.c
-@@ -117,7 +117,8 @@ static int xfrm6_init_path(struct xfrm_dst *path, struct dst_entry *dst,
- return 0;
- }
-
--static int xfrm6_fill_dst(struct xfrm_dst *xdst, struct net_device *dev)
-+static int xfrm6_fill_dst(struct xfrm_dst *xdst, struct net_device *dev,
-+ struct flowi *fl)
- {
- struct rt6_info *rt = (struct rt6_info*)xdst->route;
-
-diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
-index cb81ca3..d75047c 100644
---- a/net/xfrm/xfrm_policy.c
-+++ b/net/xfrm/xfrm_policy.c
-@@ -1341,7 +1341,8 @@ static inline int xfrm_init_path(struct xfrm_dst *path, struct dst_entry *dst,
- return err;
- }
-
--static inline int xfrm_fill_dst(struct xfrm_dst *xdst, struct net_device *dev)
-+static inline int xfrm_fill_dst(struct xfrm_dst *xdst, struct net_device *dev,
-+ struct flowi *fl)
- {
- struct xfrm_policy_afinfo *afinfo =
- xfrm_policy_get_afinfo(xdst->u.dst.ops->family);
-@@ -1350,7 +1351,7 @@ static inline int xfrm_fill_dst(struct xfrm_dst *xdst, struct net_device *dev)
- if (!afinfo)
- return -EINVAL;
-
-- err = afinfo->fill_dst(xdst, dev);
-+ err = afinfo->fill_dst(xdst, dev, fl);
-
- xfrm_policy_put_afinfo(afinfo);
-
-@@ -1454,7 +1455,7 @@ static struct dst_entry *xfrm_bundle_create(struct xfrm_policy *policy,
- for (dst_prev = dst0; dst_prev != dst; dst_prev = dst_prev->child) {
- struct xfrm_dst *xdst = (struct xfrm_dst *)dst_prev;
-
-- err = xfrm_fill_dst(xdst, dev);
-+ err = xfrm_fill_dst(xdst, dev, fl);
- if (err)
- goto free_dst;
-
---
-1.7.0.2
-
|