diff options
Diffstat (limited to 'main/linux-grsec/net-2.6.git-87c1e12b5eeb7b30b4b41291bef8e0b41fc3dde9.patch')
| -rw-r--r-- | main/linux-grsec/net-2.6.git-87c1e12b5eeb7b30b4b41291bef8e0b41fc3dde9.patch | 109 |
1 files changed, 0 insertions, 109 deletions
diff --git a/main/linux-grsec/net-2.6.git-87c1e12b5eeb7b30b4b41291bef8e0b41fc3dde9.patch b/main/linux-grsec/net-2.6.git-87c1e12b5eeb7b30b4b41291bef8e0b41fc3dde9.patch deleted file mode 100644 index 7cc9bf789..000000000 --- a/main/linux-grsec/net-2.6.git-87c1e12b5eeb7b30b4b41291bef8e0b41fc3dde9.patch +++ /dev/null @@ -1,109 +0,0 @@ -From 87c1e12b5eeb7b30b4b41291bef8e0b41fc3dde9 Mon Sep 17 00:00:00 2001 -From: Herbert Xu <herbert@gondor.apana.org.au> -Date: Tue, 2 Mar 2010 02:51:56 +0000 -Subject: [PATCH] ipsec: Fix bogus bundle flowi - -When I merged the bundle creation code, I introduced a bogus -flowi value in the bundle. Instead of getting from the caller, -it was instead set to the flow in the route object, which is -totally different. - -The end result is that the bundles we created never match, and -we instead end up with an ever growing bundle list. - -Thanks to Jamal for find this problem. - -Reported-by: Jamal Hadi Salim <hadi@cyberus.ca> -Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> -Acked-by: Steffen Klassert <steffen.klassert@secunet.com> -Acked-by: Jamal Hadi Salim <hadi@cyberus.ca> -Signed-off-by: David S. Miller <davem@davemloft.net> ---- - include/net/xfrm.h | 3 ++- - net/ipv4/xfrm4_policy.c | 5 +++-- - net/ipv6/xfrm6_policy.c | 3 ++- - net/xfrm/xfrm_policy.c | 7 ++++--- - 4 files changed, 11 insertions(+), 7 deletions(-) - -diff --git a/include/net/xfrm.h b/include/net/xfrm.h -index a7df327..d74e080 100644 ---- a/include/net/xfrm.h -+++ b/include/net/xfrm.h -@@ -275,7 +275,8 @@ struct xfrm_policy_afinfo { - struct dst_entry *dst, - int nfheader_len); - int (*fill_dst)(struct xfrm_dst *xdst, -- struct net_device *dev); -+ struct net_device *dev, -+ struct flowi *fl); - }; - - extern int xfrm_policy_register_afinfo(struct xfrm_policy_afinfo *afinfo); -diff --git a/net/ipv4/xfrm4_policy.c b/net/ipv4/xfrm4_policy.c -index 67107d6..e4a1483 100644 ---- a/net/ipv4/xfrm4_policy.c -+++ b/net/ipv4/xfrm4_policy.c -@@ -91,11 +91,12 @@ static int xfrm4_init_path(struct xfrm_dst *path, struct dst_entry *dst, - return 0; - } - --static int xfrm4_fill_dst(struct xfrm_dst *xdst, struct net_device *dev) -+static int xfrm4_fill_dst(struct xfrm_dst *xdst, struct net_device *dev, -+ struct flowi *fl) - { - struct rtable *rt = (struct rtable *)xdst->route; - -- xdst->u.rt.fl = rt->fl; -+ xdst->u.rt.fl = *fl; - - xdst->u.dst.dev = dev; - dev_hold(dev); -diff --git a/net/ipv6/xfrm6_policy.c b/net/ipv6/xfrm6_policy.c -index dbdc696..ae18165 100644 ---- a/net/ipv6/xfrm6_policy.c -+++ b/net/ipv6/xfrm6_policy.c -@@ -116,7 +116,8 @@ static int xfrm6_init_path(struct xfrm_dst *path, struct dst_entry *dst, - return 0; - } - --static int xfrm6_fill_dst(struct xfrm_dst *xdst, struct net_device *dev) -+static int xfrm6_fill_dst(struct xfrm_dst *xdst, struct net_device *dev, -+ struct flowi *fl) - { - struct rt6_info *rt = (struct rt6_info*)xdst->route; - -diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c -index 34a5ef8..843e066 100644 ---- a/net/xfrm/xfrm_policy.c -+++ b/net/xfrm/xfrm_policy.c -@@ -1372,7 +1372,8 @@ static inline int xfrm_init_path(struct xfrm_dst *path, struct dst_entry *dst, - return err; - } - --static inline int xfrm_fill_dst(struct xfrm_dst *xdst, struct net_device *dev) -+static inline int xfrm_fill_dst(struct xfrm_dst *xdst, struct net_device *dev, -+ struct flowi *fl) - { - struct xfrm_policy_afinfo *afinfo = - xfrm_policy_get_afinfo(xdst->u.dst.ops->family); -@@ -1381,7 +1382,7 @@ static inline int xfrm_fill_dst(struct xfrm_dst *xdst, struct net_device *dev) - if (!afinfo) - return -EINVAL; - -- err = afinfo->fill_dst(xdst, dev); -+ err = afinfo->fill_dst(xdst, dev, fl); - - xfrm_policy_put_afinfo(afinfo); - -@@ -1486,7 +1487,7 @@ static struct dst_entry *xfrm_bundle_create(struct xfrm_policy *policy, - for (dst_prev = dst0; dst_prev != dst; dst_prev = dst_prev->child) { - struct xfrm_dst *xdst = (struct xfrm_dst *)dst_prev; - -- err = xfrm_fill_dst(xdst, dev); -+ err = xfrm_fill_dst(xdst, dev, fl); - if (err) - goto free_dst; - --- -1.7.0.2 - |