q3k
/
linux
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
linux/net/ipv4
History
Herbert Xu af2681828a [ICMP]: Ensure that ICMP relookup maintains status quo 
The ICMP relookup path is only meant to modify behaviour when
appropriate IPsec policies are in place and marked as requiring
relookups.  It is certainly not meant to modify behaviour when
IPsec policies don't exist at all.

However, due to an oversight on the error paths existing behaviour
may in fact change should one of the relookup steps fail.

This patch corrects this by redirecting all errors on relookup
failures to the previous code path.  That is, if the initial
xfrm_lookup let the packet pass, we will stand by that decision
should the relookup fail due to an error.

This should be safe from a security point-of-view because compliant
systems must install a default deny policy so the packet would'nt
have passed in that case.

Many thanks to Julian Anastasov for pointing out this error.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
 		2008-04-03 12:52:19 -07:00
..
ipvs ipvs: Make wrr "no available servers" error message rate-limited 2008-02-05 20:00:10 -08:00
netfilter [NETFILTER]: Replate direct proc_fops assignment with proc_create call. 2008-03-27 16:55:53 -07:00
Kconfig [ESP]: Add select on AUTHENC 2008-03-04 14:29:21 -08:00
Makefile [IPV4]: Cleanup the sysctl_net_ipv4.c file 2008-01-28 14:56:27 -08:00
af_inet.c [NET] endianness noise: INADDR_ANY 2008-03-17 22:44:53 -07:00
ah4.c [IPSEC]: Fix bogus usage of u64 on input sequence number 2008-02-12 22:50:35 -08:00
arp.c Revert "[NDISC]: Fix race in generic address resolution" 2008-02-17 18:39:54 -08:00
cipso_ipv4.c NetLabel: introduce a new kernel configuration API for NetLabel 2008-02-05 09:44:20 -08:00
datagram.c [IPV4] net/ipv4: Use ipv4_is_<type> 2008-01-28 14:58:15 -08:00
devinet.c [IPV4]: Reset scope when changing address 2008-02-26 18:42:41 -08:00
esp4.c [ESP]: Ensure IV is in linear part of the skb to avoid BUG() due to OOB access 2008-03-27 16:08:03 -07:00
fib_frontend.c [NETNS]: Lookup in FIB semantic hashes taking into account the namespace. 2008-01-31 19:28:41 -08:00
fib_hash.c ipv4/fib_hash.c: fix NULL dereference 2008-02-19 16:28:54 -08:00
fib_lookup.h [IPV4] FIB_HASH: Reduce memory needs and speedup lookups 2008-01-28 15:02:46 -08:00
fib_rules.c [IPV4]: Consolidate fib_select_default. 2008-01-28 15:11:02 -08:00
fib_semantics.c [NETNS]: Lookup in FIB semantic hashes taking into account the namespace. 2008-01-31 19:28:41 -08:00
fib_trie.c [IPV4] fib_trie: fix warning from rcu_assign_poinger 2008-03-22 17:59:58 -07:00
icmp.c [ICMP]: Ensure that ICMP relookup maintains status quo 2008-04-03 12:52:19 -07:00
igmp.c [IGMP]: Optimize kfree_skb in igmp_rcv. 2008-02-09 23:22:26 -08:00
inet_connection_sock.c [SOCK] proto: Add hashinfo member to struct proto 2008-02-03 04:28:52 -08:00
inet_diag.c [NETNS]: Tcp-v6 sockets per-net lookup. 2008-01-31 19:28:20 -08:00
inet_fragment.c [INET]: inet_frag_evictor() must run with BH disabled 2008-03-28 17:30:18 -07:00
inet_hashtables.c [INET]: Unexport inet_listen_wlock 2008-02-13 17:40:25 -08:00
inet_lro.c [LRO] Fix lro_mgr->features checks 2008-01-08 23:30:18 -08:00
inet_timewait_sock.c [NET]: prot_inuse cleanups and optimizations 2008-01-28 15:00:36 -08:00
inetpeer.c [INET]: Use list_head-s in inetpeer.c 2007-11-12 21:27:28 -08:00
ip_forward.c [NET]: Don't send ICMP_FRAG_NEEDED for GSO packets 2008-03-28 16:23:19 -07:00
ip_fragment.c [IPV4]: Fix null dereference in ip_defrag 2008-03-21 15:01:50 -07:00
ip_gre.c [INET]: Don't create tunnels with '%' in name. 2008-02-26 23:51:04 -08:00
ip_input.c [IPv4] RAW: Compact the API for the kernel 2008-01-28 14:54:28 -08:00
ip_options.c [NETNS]: Add netns parameter to inet_(dev_)add_type. 2008-01-28 15:01:27 -08:00
ip_output.c [NET]: Introducing socket mark socket option. 2008-01-31 19:27:19 -08:00
ip_sockglue.c [NET] endianness noise: INADDR_ANY 2008-03-17 22:44:53 -07:00
ipcomp.c [IPCOMP]: Disable BH on output when using shared tfm 2008-02-28 11:23:17 -08:00
ipconfig.c [NET] endianness noise: INADDR_ANY 2008-03-17 22:44:53 -07:00
ipip.c [INET]: Don't create tunnels with '%' in name. 2008-02-26 23:51:04 -08:00
ipmr.c [NETNS]: Add namespace parameter to ip_route_output_key. 2008-01-28 15:11:07 -08:00
netfilter.c [NETNS]: Add namespace parameter to ip_route_output_key. 2008-01-28 15:11:07 -08:00
proc.c [NETNS][FRAGS]: Make the mem counter per-namespace. 2008-01-28 15:10:36 -08:00
protocol.c [IPV4]: align inet_protos[] on SMP 2007-04-25 22:28:20 -07:00
raw.c [RAW]: Wrong content of the /proc/net/raw6. 2008-01-31 19:27:26 -08:00
route.c [IPV4]: Use proc_create() to setup ->proc_fops first 2008-02-28 14:14:25 -08:00
syncookies.c [NETNS]: Add namespace parameter to ip_route_output_key. 2008-01-28 15:11:07 -08:00
sysctl_net_ipv4.c [TCP]: Fix a bug in strategy_allowed_congestion_control 2008-01-31 19:28:23 -08:00
tcp.c [TCP]: Let skbs grow over a page on fast peers 2008-03-22 15:47:05 -07:00
tcp_bic.c [TCP]: BIC web page link is corrected. 2008-02-28 22:14:32 -08:00
tcp_cong.c [TCP]: Uninline tcp_is_cwnd_limited 2008-01-28 15:01:48 -08:00
tcp_cubic.c [TCP]: Cong.ctrl modules: remove unused good_ack from cong_avoid 2008-01-28 14:55:41 -08:00
tcp_diag.c [INET]: Let inet_diag and friends autoload 2007-10-22 02:59:54 -07:00
tcp_highspeed.c [TCP]: Cong.ctrl modules: remove unused good_ack from cong_avoid 2008-01-28 14:55:41 -08:00
tcp_htcp.c [TCP]: Cong.ctrl modules: remove unused good_ack from cong_avoid 2008-01-28 14:55:41 -08:00
tcp_hybla.c [TCP]: Cong.ctrl modules: remove unused good_ack from cong_avoid 2008-01-28 14:55:41 -08:00
tcp_illinois.c [TCP]: Cong.ctrl modules: remove unused good_ack from cong_avoid 2008-01-28 14:55:41 -08:00
tcp_input.c [TCP]: Must count fack_count also when skipping 2008-03-03 12:10:16 -08:00
tcp_ipv4.c [TCP]: Fix tcp_v4_send_synack() comment 2008-02-17 22:29:19 -08:00
tcp_lp.c [TCP]: Cong.ctrl modules: remove unused good_ack from cong_avoid 2008-01-28 14:55:41 -08:00
tcp_minisocks.c [TCP]: Move sack_ok access to obviously named funcs & cleanup 2007-10-10 16:48:00 -07:00
tcp_output.c [TCP]: Fix shrinking windows with window scaling 2008-03-20 16:11:27 -07:00
tcp_probe.c [NET]: Make /proc/net per network namespace 2007-10-10 16:49:06 -07:00
tcp_scalable.c [TCP]: Cong.ctrl modules: remove unused good_ack from cong_avoid 2008-01-28 14:55:41 -08:00
tcp_timer.c [TCP]: Do not purge sk_forward_alloc entirely in tcp_delack_timer(). 2008-01-28 15:01:42 -08:00
tcp_vegas.c [TCP]: Cong.ctrl modules: remove unused good_ack from cong_avoid 2008-01-28 14:55:41 -08:00
tcp_vegas.h [TCP]: congestion control API pass RTT in microseconds 2007-07-31 02:27:57 -07:00
tcp_veno.c [TCP]: Cong.ctrl modules: remove unused good_ack from cong_avoid 2008-01-28 14:55:41 -08:00
tcp_westwood.c [TCP]: congestion control API pass RTT in microseconds 2007-07-31 02:27:57 -07:00
tcp_yeah.c [TCP]: Cong.ctrl modules: remove unused good_ack from cong_avoid 2008-01-28 14:55:41 -08:00
tunnel4.c [INET]: Cleanup the xfrm4_tunnel_(un)register 2007-11-10 21:48:54 -08:00
udp.c [IP] UDP: Use SEQ_START_TOKEN. 2008-03-31 19:38:15 -07:00
udp_impl.h [UDP]: Randomize port selection. 2007-10-10 16:48:31 -07:00
udplite.c [IPV4] UDP,UDPLITE: Sparse: {__udp4_lib,udp,udplite}_err() are of void. 2008-01-28 15:10:24 -08:00
xfrm4_input.c [IPSEC]: Fix transport-mode async resume on intput without netfilter 2008-01-28 15:00:10 -08:00
xfrm4_mode_beet.c [IPSEC]: Fix BEET output 2008-03-26 16:51:09 -07:00
xfrm4_mode_transport.c [IPSEC]: Use IPv6 calling convention as the convention for x->mode->output 2007-10-10 16:55:54 -07:00
xfrm4_mode_tunnel.c [IPSEC]: Fix inter address family IPsec tunnel handling. 2008-03-24 14:51:51 -07:00
xfrm4_output.c [IPSEC]: Fix inter address family IPsec tunnel handling. 2008-03-24 14:51:51 -07:00
xfrm4_policy.c [NET]: should explicitely initialize atomic_t field in struct dst_ops 2008-01-31 19:27:23 -08:00
xfrm4_state.c [IPSEC]: Fix BEET output 2008-03-26 16:51:09 -07:00
xfrm4_tunnel.c [IPCOMP]: Fix reception of incompressible packets 2008-01-31 19:27:24 -08:00