OpenE2K
/
linux
6
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
linux/include
History
Steffen Klassert 8f20fcf03c xfrm: Generate queueing routes only from route lookup functions 
[ Upstream commit b8c203b2d2 ]

Currently we genarate a queueing route if we have matching policies
but can not resolve the states and the sysctl xfrm_larval_drop is
disabled. Here we assume that dst_output() is called to kill the
queued packets. Unfortunately this assumption is not true in all
cases, so it is possible that these packets leave the system unwanted.

We fix this by generating queueing routes only from the
route lookup functions, here we can guarantee a call to
dst_output() afterwards.

Fixes: a0073fe18e ("xfrm: Add a state resolution packet queue")
Reported-by: Konstantinos Kolelis <k.kolelis@sirrix.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 		2014-10-15 08:36:42 +02:00
..
acpi ACPI / hotplug: Generate online uevents for ACPI containers 2014-10-05 14:52:16 -07:00
asm-generic mm: use paravirt friendly ops for NUMA hinting ptes 2014-05-31 13:20:30 -07:00
clocksource
crypto crypto: scatterwalk - Use sg_chain_ptr on chain entries 2013-12-09 19:58:52 +08:00
drm drm/radeon: add additional SI pci ids 2014-09-05 16:34:15 -07:00
dt-bindings pinctrl: dra: dt-bindings: Fix pull enable/disable 2014-08-07 14:52:38 -07:00
keys
kvm ARM: KVM: fix non-VGIC compilation 2014-03-06 09:47:42 +01:00
linux net: Always untag vlan-tagged traffic on input. 2014-10-15 08:36:40 +02:00
math-emu math-emu: fix floating-point to integer overflow detection 2014-01-07 18:36:24 -06:00
media media: vb2: fix VBI/poll regression 2014-10-09 12:21:27 -07:00
memory
misc
net xfrm: Generate queueing routes only from route lookup functions 2014-10-15 08:36:42 +02:00
pcmcia
ras
rdma IB/core: Don't resolve passive side RoCE L2 address in CMA REQ handler 2014-05-06 07:59:28 -07:00
rxrpc
scsi scsi: do not issue SCSI RSOC command to Promise Vtrak E610f 2014-09-17 09:19:14 -07:00
sound ALSA: control: Protect user controls against concurrent access 2014-06-26 15:15:43 -04:00
target target: Report correct response length for some commands 2014-06-30 20:12:00 -07:00
trace tracing: Fix syscall_*regfunc() vs copy_process() race 2014-07-06 18:57:29 -07:00
uapi usb: gadget: f_fs: drop duplicate usb_functionfs_descs_head declaration 2014-10-05 14:52:14 -07:00
video video: pxa168fb: Cleanup pxa168fb.h file 2014-01-17 10:57:43 +02:00
xen Merge branch 'for-linus' of git://git.kernel.dk/linux-block 2014-02-14 10:45:18 -08:00
Kbuild