linux/net/ipv4
Herbert Xu af2681828a [ICMP]: Ensure that ICMP relookup maintains status quo
The ICMP relookup path is only meant to modify behaviour when
appropriate IPsec policies are in place and marked as requiring
relookups.  It is certainly not meant to modify behaviour when
IPsec policies don't exist at all.

However, due to an oversight on the error paths existing behaviour
may in fact change should one of the relookup steps fail.

This patch corrects this by redirecting all errors on relookup
failures to the previous code path.  That is, if the initial
xfrm_lookup let the packet pass, we will stand by that decision
should the relookup fail due to an error.

This should be safe from a security point-of-view because compliant
systems must install a default deny policy so the packet would'nt
have passed in that case.

Many thanks to Julian Anastasov for pointing out this error.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
2008-04-03 12:52:19 -07:00
..
ipvs ipvs: Make wrr "no available servers" error message rate-limited 2008-02-05 20:00:10 -08:00
netfilter [NETFILTER]: Replate direct proc_fops assignment with proc_create call. 2008-03-27 16:55:53 -07:00
af_inet.c [NET] endianness noise: INADDR_ANY 2008-03-17 22:44:53 -07:00
ah4.c [IPSEC]: Fix bogus usage of u64 on input sequence number 2008-02-12 22:50:35 -08:00
arp.c Revert "[NDISC]: Fix race in generic address resolution" 2008-02-17 18:39:54 -08:00
cipso_ipv4.c NetLabel: introduce a new kernel configuration API for NetLabel 2008-02-05 09:44:20 -08:00
datagram.c
devinet.c [IPV4]: Reset scope when changing address 2008-02-26 18:42:41 -08:00
esp4.c [ESP]: Ensure IV is in linear part of the skb to avoid BUG() due to OOB access 2008-03-27 16:08:03 -07:00
fib_frontend.c [NETNS]: Lookup in FIB semantic hashes taking into account the namespace. 2008-01-31 19:28:41 -08:00
fib_hash.c ipv4/fib_hash.c: fix NULL dereference 2008-02-19 16:28:54 -08:00
fib_lookup.h
fib_rules.c
fib_semantics.c [NETNS]: Lookup in FIB semantic hashes taking into account the namespace. 2008-01-31 19:28:41 -08:00
fib_trie.c [IPV4] fib_trie: fix warning from rcu_assign_poinger 2008-03-22 17:59:58 -07:00
icmp.c [ICMP]: Ensure that ICMP relookup maintains status quo 2008-04-03 12:52:19 -07:00
igmp.c [IGMP]: Optimize kfree_skb in igmp_rcv. 2008-02-09 23:22:26 -08:00
inet_connection_sock.c [SOCK] proto: Add hashinfo member to struct proto 2008-02-03 04:28:52 -08:00
inet_diag.c
inet_fragment.c [INET]: inet_frag_evictor() must run with BH disabled 2008-03-28 17:30:18 -07:00
inet_hashtables.c [INET]: Unexport inet_listen_wlock 2008-02-13 17:40:25 -08:00
inet_lro.c
inet_timewait_sock.c
inetpeer.c
ip_forward.c [NET]: Don't send ICMP_FRAG_NEEDED for GSO packets 2008-03-28 16:23:19 -07:00
ip_fragment.c [IPV4]: Fix null dereference in ip_defrag 2008-03-21 15:01:50 -07:00
ip_gre.c [INET]: Don't create tunnels with '%' in name. 2008-02-26 23:51:04 -08:00
ip_input.c
ip_options.c
ip_output.c
ip_sockglue.c [NET] endianness noise: INADDR_ANY 2008-03-17 22:44:53 -07:00
ipcomp.c [IPCOMP]: Disable BH on output when using shared tfm 2008-02-28 11:23:17 -08:00
ipconfig.c [NET] endianness noise: INADDR_ANY 2008-03-17 22:44:53 -07:00
ipip.c [INET]: Don't create tunnels with '%' in name. 2008-02-26 23:51:04 -08:00
ipmr.c
Kconfig [ESP]: Add select on AUTHENC 2008-03-04 14:29:21 -08:00
Makefile
netfilter.c
proc.c
protocol.c
raw.c
route.c [IPV4]: Use proc_create() to setup ->proc_fops first 2008-02-28 14:14:25 -08:00
syncookies.c
sysctl_net_ipv4.c
tcp.c [TCP]: Let skbs grow over a page on fast peers 2008-03-22 15:47:05 -07:00
tcp_bic.c [TCP]: BIC web page link is corrected. 2008-02-28 22:14:32 -08:00
tcp_cong.c
tcp_cubic.c
tcp_diag.c
tcp_highspeed.c
tcp_htcp.c
tcp_hybla.c
tcp_illinois.c
tcp_input.c [TCP]: Must count fack_count also when skipping 2008-03-03 12:10:16 -08:00
tcp_ipv4.c [TCP]: Fix tcp_v4_send_synack() comment 2008-02-17 22:29:19 -08:00
tcp_lp.c
tcp_minisocks.c
tcp_output.c [TCP]: Fix shrinking windows with window scaling 2008-03-20 16:11:27 -07:00
tcp_probe.c
tcp_scalable.c
tcp_timer.c
tcp_vegas.c
tcp_vegas.h
tcp_veno.c
tcp_westwood.c
tcp_yeah.c
tunnel4.c
udp.c [IP] UDP: Use SEQ_START_TOKEN. 2008-03-31 19:38:15 -07:00
udp_impl.h
udplite.c
xfrm4_input.c
xfrm4_mode_beet.c [IPSEC]: Fix BEET output 2008-03-26 16:51:09 -07:00
xfrm4_mode_transport.c
xfrm4_mode_tunnel.c [IPSEC]: Fix inter address family IPsec tunnel handling. 2008-03-24 14:51:51 -07:00
xfrm4_output.c [IPSEC]: Fix inter address family IPsec tunnel handling. 2008-03-24 14:51:51 -07:00
xfrm4_policy.c
xfrm4_state.c [IPSEC]: Fix BEET output 2008-03-26 16:51:09 -07:00
xfrm4_tunnel.c