OpenE2K
/
linux
6
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
linux/include/net
History
Masahide NAKAMURA e53820de0f [XFRM] IPV6: Restrict bundle reusing 
For outbound transformation, bundle is checked whether it is
suitable for current flow to be reused or not. In such IPv6 case
as below, transformation may apply incorrect bundle for the flow instead
of creating another bundle:

- The policy selector has destination prefix length < 128
  (Two or more addresses can be matched it)
- Its bundle holds dst entry of default route whose prefix length < 128
  (Previous traffic was used such route as next hop)
- The policy and the bundle were used a transport mode state and
  this time flow address is not matched the bundled state.

This issue is found by Mobile IPv6 usage to protect mobility signaling
by IPsec, but it is not a Mobile IPv6 specific.
This patch adds strict check to xfrm_bundle_ok() for each
state mode and address when prefix length is less than 128.

Signed-off-by: Masahide NAKAMURA <nakam@linux-ipv6.org>
Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
 		2006-09-22 15:06:44 -07:00
..
bluetooth [Bluetooth] Use real devices for host controllers 2006-07-03 19:54:02 -07:00
irda [PATCH] irq-flags: drivers/net: Use the new IRQF_ constants 2006-07-02 13:58:51 -07:00
netfilter Merge git://git.infradead.org/hdrcleanup-2.6 2006-06-20 15:10:08 -07:00
sctp [SCTP]: Remove multiple levels of msecs to jiffies conversions. 2006-09-22 14:55:39 -07:00
tc_act [PKT_SCHED]: Kill pkt_act.h inlining. 2006-09-22 14:55:10 -07:00
tipc [TIPC]: Corrected potential misuse of tipc_media_addr structure. 2006-06-25 23:38:29 -07:00
act_api.h [PKT_SCHED]: Kill pkt_act.h inlining. 2006-09-22 14:55:10 -07:00
addrconf.h Don't include linux/config.h from anywhere else in include/ 2006-04-26 12:56:16 +01:00
af_unix.h [AF_UNIX]: Kernel memory leak fix for af_unix datagram getpeersec patch 2006-08-02 14:12:06 -07:00
ah.h [IPSEC]: Use HMAC template and hash interface 2006-09-21 11:46:18 +10:00
arp.h [IPV4]: Possible cleanups. 2006-04-14 15:00:20 -07:00
atmclip.h [INET_SOCK]: Move struct inet_sock & helper functions to net/inet_sock.h 2006-01-03 13:11:21 -08:00
ax25.h [AX.25]: Reference counting for AX.25 routes. 2006-07-03 19:30:18 -07:00
checksum.h Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
cipso_ipv4.h [NetLabel]: core network changes 2006-09-22 14:53:32 -07:00
compat.h Merge git://git.infradead.org/hdrcleanup-2.6 2006-06-20 15:10:08 -07:00
datalink.h [NET]: Kill skb->real_dev 2005-08-29 15:32:25 -07:00
dn.h [DECnet]: Endian annotation and fixes for DECnet. 2006-03-20 22:42:39 -08:00
dn_dev.h [DECnet]: Endian annotation and fixes for DECnet. 2006-03-20 22:42:39 -08:00
dn_fib.h [DECNET]: cleanups 2006-09-22 14:54:40 -07:00
dn_neigh.h [DECnet]: Endian annotation and fixes for DECnet. 2006-03-20 22:42:39 -08:00
dn_nsp.h [DECnet]: Endian annotation and fixes for DECnet. 2006-03-20 22:42:39 -08:00
dn_route.h [DECnet]: Endian annotation and fixes for DECnet. 2006-03-20 22:42:39 -08:00
dsfield.h Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
dst.h [XFRM] STATE: Support non-fragment outbound transformation headers. 2006-09-22 15:06:41 -07:00
esp.h [IPSEC]: Use HMAC template and hash interface 2006-09-21 11:46:18 +10:00
fib_rules.h [NET]: Introduce RTA_TABLE/FRA_TABLE attributes 2006-09-22 14:54:25 -07:00
flow.h [MLSXFRM]: Flow based matching of xfrm policy and state 2006-09-22 14:53:24 -07:00
gen_stats.h Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
genetlink.h [NETLINK]: Add notification message sending interface 2006-09-22 14:54:49 -07:00
icmp.h Don't include linux/config.h from anywhere else in include/ 2006-04-26 12:56:16 +01:00
ieee80211.h [PATCH] wireless: Changes to ieee80211.h for user space regulatory daemon 2006-06-15 15:48:13 -04:00
ieee80211_crypt.h [PATCH] ieee80211: Add TKIP crypt->build_iv 2006-01-27 17:08:07 -05:00
ieee80211_radiotap.h [PATCH] ieee80211: Added ieee80211_radiotap.h 2005-09-21 23:03:55 -04:00
ieee80211softmac.h [PATCH] SoftMAC: Prevent multiple authentication attempts on the same network 2006-07-05 13:42:58 -04:00
ieee80211softmac_wx.h [PATCH] softmac: add SIOCSIWMLME 2006-04-24 16:15:58 -04:00
if_inet6.h [IPV6]: ADDRCONF: Use our standard algorithm for randomized ifid. 2006-03-20 16:54:09 -08:00
inet6_connection_sock.h [IPV6]: Generalise some functions 2006-01-03 13:10:46 -08:00
inet6_hashtables.h Don't include linux/config.h from anywhere else in include/ 2006-04-26 12:56:16 +01:00
inet_common.h [NET]: move struct proto_ops to const 2006-01-03 13:11:15 -08:00
inet_connection_sock.h [ICSK] compat: Introduce inet_csk_compat_[gs]etsockopt 2006-03-20 22:46:16 -08:00
inet_ecn.h [INET_SOCK]: Move struct inet_sock & helper functions to net/inet_sock.h 2006-01-03 13:11:21 -08:00
inet_hashtables.h [IPV4]: Use network-order dport for all visible inet_lookup_* 2006-09-22 14:54:14 -07:00
inet_sock.h [INET]: Remove is_setbyuser patch 2006-09-22 14:54:10 -07:00
inet_timewait_sock.h Merge git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux-2.6 2006-05-06 19:59:18 +01:00
inetpeer.h [IPV4]: Safer reassembly 2006-01-03 13:10:31 -08:00
ip.h Merge git://git.infradead.org/hdrcleanup-2.6 2006-06-20 15:10:08 -07:00
ip6_checksum.h Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
ip6_fib.h [IPV6] ROUTE: Unify RT6_F_xxx and RT6_SELECT_F_xxx flags 2006-09-22 14:55:56 -07:00
ip6_route.h [IPV6] ROUTE: Unify RT6_F_xxx and RT6_SELECT_F_xxx flags 2006-09-22 14:55:56 -07:00
ip6_tunnel.h Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
ip_fib.h [IPv4]: Convert route get to new netlink api 2006-09-22 14:55:06 -07:00
ip_mp_alg.h Don't include linux/config.h from anywhere else in include/ 2006-04-26 12:56:16 +01:00
ip_vs.h Don't include linux/config.h from anywhere else in include/ 2006-04-26 12:56:16 +01:00
ipcomp.h [CRYPTO] users: Use crypto_comp and crypto_has_* 2006-09-21 11:46:22 +10:00
ipconfig.h Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
ipip.h Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
ipv6.h [IPV6]: Audit all ip6_dst_lookup/ip6_dst_store calls 2006-08-02 13:38:14 -07:00
ipx.h Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
iw_handler.h [PATCH] WE-20 for kernel 2.6.16 2006-03-23 07:12:57 -05:00
lapb.h Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
llc.h [LLC]: llc_mac_hdr_init const arguments 2006-03-20 22:59:36 -08:00
llc_c_ac.h Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
llc_c_ev.h Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
llc_c_st.h Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
llc_conn.h [PATCH] gfp flags annotations - part 1 2005-10-08 15:00:57 -07:00
llc_if.h [LLC]: add multicast support for datagrams 2006-06-17 21:26:08 -07:00
llc_pdu.h [LLC]: Fix typo 2005-11-14 21:58:18 -08:00
llc_s_ac.h Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
llc_s_ev.h Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
llc_s_st.h Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
llc_sap.h [LLC]: Fix the accept path 2005-09-22 07:57:21 -03:00
ndisc.h Don't include linux/config.h from anywhere else in include/ 2006-04-26 12:56:16 +01:00
neighbour.h [NEIGHBOUR]: Use ALIGN() macro. 2006-09-22 14:54:23 -07:00
netdma.h [NET]: Fix more per-cpu typos 2006-08-02 15:02:31 -07:00
netevent.h [NET]: Network Event Notifier Mechanism. 2006-08-02 13:38:20 -07:00
netlabel.h [NetLabel]: core network changes 2006-09-22 14:53:32 -07:00
netlink.h [IPv4]: FIB configuration using struct fib_config 2006-09-22 14:55:04 -07:00
netrom.h [NETROM]: Eleminate HZ from NET/ROM kernel interfaces 2006-05-03 23:27:47 -07:00
nexthop.h [IPv4]: FIB configuration using struct fib_config 2006-09-22 14:55:04 -07:00
p8022.h [NET]: Fix sparse warnings 2005-08-29 16:01:32 -07:00
pkt_cls.h [NET]: Remove explicit initializations of skb->input_dev 2005-08-29 15:33:26 -07:00
pkt_sched.h [PKT_SCHED]: Fix regression in PSCHED_TADD{,2}. 2006-07-24 12:44:23 -07:00
protocol.h [NET] gso: Fix up GSO packets with broken checksums 2006-07-08 13:34:56 -07:00
psnap.h [NET]: Kill skb->real_dev 2005-08-29 15:32:25 -07:00
raw.h Merge git://git.infradead.org/hdrcleanup-2.6 2006-06-20 15:10:08 -07:00
rawv6.h [IPV4/6]: Check if packet was actually delivered to a raw socket to decide whether to send an ICMP unreachable 2005-08-29 15:37:22 -07:00
red.h [PKT_SCHED] RED: Fix overflow in calculation of queue average 2006-08-04 22:59:51 -07:00
request_sock.h [MLSXFRM]: Auto-labeling of child sockets 2006-09-22 14:53:29 -07:00
rose.h [ROSE]: Eleminate HZ from ROSE kernel interfaces 2006-05-03 23:28:20 -07:00
route.h [MLSXFRM]: Add flow labeling 2006-09-22 14:53:27 -07:00
sch_generic.h Don't include linux/config.h from anywhere else in include/ 2006-04-26 12:56:16 +01:00
scm.h [AF_UNIX]: Kernel memory leak fix for af_unix datagram getpeersec patch 2006-08-02 14:12:06 -07:00
slhc_vj.h [NET]: Remove __ARGS from include/net/slhc_vj.h 2005-07-05 15:12:04 -07:00
snmp.h [SCTP]: Extend /proc/net/sctp/snmp to provide more statistics. 2006-09-22 14:55:16 -07:00
sock.h [MLSXFRM]: Auto-labeling of child sockets 2006-09-22 14:53:29 -07:00
syncppp.h [PATCH] drivers/net/wan/: possible cleanups 2005-09-14 08:36:54 -04:00
tcp.h [TCP]: SNMPv2 tcpAttemptFails counter error 2006-08-02 13:38:19 -07:00
tcp_ecn.h [IPV6]: Added GSO support for TCPv6 2006-06-30 14:12:10 -07:00
tcp_states.h [TCP]: Move the TCPF_ enum to tcp_states.h 2006-01-03 13:10:57 -08:00
timewait_sock.h [TWSK]: Introduce struct timewait_sock_ops 2006-01-03 13:10:54 -08:00
transp_v6.h [ICSK]: Rename struct tcp_func to struct inet_connection_sock_af_ops 2006-01-03 13:10:38 -08:00
udp.h [INET_SOCK]: Move struct inet_sock & helper functions to net/inet_sock.h 2006-01-03 13:11:21 -08:00
x25.h [X25]: allow ITU-T DTE facilities for x25 2006-03-22 00:01:31 -08:00
x25device.h [X25]: Restore skb->dev setting in x25_type_trans(). 2006-04-09 22:37:18 -07:00
xfrm.h [XFRM] IPV6: Restrict bundle reusing 2006-09-22 15:06:44 -07:00