]> git.ipfire.org Git - thirdparty/kernel/stable-queue.git/blame - releases/2.6.33.2/ipsec-fix-bogus-bundle-flowi.patch
projects / thirdparty / kernel / stable-queue.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
5.0-stable patches
[thirdparty/kernel/stable-queue.git] / releases / 2.6.33.2 / ipsec-fix-bogus-bundle-flowi.patch
CommitLineData
e1e69077
GKH		 1From 5701123473ef64bae0519d22f756383b55d5bb04 Mon Sep 17 00:00:00 2001
2From: Herbert Xu <herbert@gondor.apana.org.au>
3Date: Tue, 2 Mar 2010 02:51:56 +0000
4Subject: ipsec: Fix bogus bundle flowi
5
6From: Herbert Xu <herbert@gondor.apana.org.au>
7
8[ Upstream commit 87c1e12b5eeb7b30b4b41291bef8e0b41fc3dde9 ]
9
10When I merged the bundle creation code, I introduced a bogus
11flowi value in the bundle. Instead of getting from the caller,
12it was instead set to the flow in the route object, which is
13totally different.
14
15The end result is that the bundles we created never match, and
16we instead end up with an ever growing bundle list.
17
18Thanks to Jamal for find this problem.
19
20Reported-by: Jamal Hadi Salim <hadi@cyberus.ca>
21Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
22Acked-by: Steffen Klassert <steffen.klassert@secunet.com>
23Acked-by: Jamal Hadi Salim <hadi@cyberus.ca>
24Signed-off-by: David S. Miller <davem@davemloft.net>
25Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
26---
27 include/net/xfrm.h | 3 ++-
28 net/ipv4/xfrm4_policy.c | 5 +++--
29 net/ipv6/xfrm6_policy.c | 3 ++-
30 net/xfrm/xfrm_policy.c | 7 ++++---
31 4 files changed, 11 insertions(+), 7 deletions(-)
32
33--- a/include/net/xfrm.h
34+++ b/include/net/xfrm.h
35@@ -274,7 +274,8 @@ struct xfrm_policy_afinfo {
36 struct dst_entry *dst,
37 int nfheader_len);
38 int (*fill_dst)(struct xfrm_dst *xdst,
39- struct net_device *dev);
40+ struct net_device *dev,
41+ struct flowi *fl);
42 };
43
44 extern int xfrm_policy_register_afinfo(struct xfrm_policy_afinfo *afinfo);
45--- a/net/ipv4/xfrm4_policy.c
46+++ b/net/ipv4/xfrm4_policy.c
47@@ -91,11 +91,12 @@ static int xfrm4_init_path(struct xfrm_d
48 return 0;
49 }
50
51-static int xfrm4_fill_dst(struct xfrm_dst *xdst, struct net_device *dev)
52+static int xfrm4_fill_dst(struct xfrm_dst *xdst, struct net_device *dev,
53+ struct flowi *fl)
54 {
55 struct rtable *rt = (struct rtable *)xdst->route;
56
57- xdst->u.rt.fl = rt->fl;
58+ xdst->u.rt.fl = *fl;
59
60 xdst->u.dst.dev = dev;
61 dev_hold(dev);
62--- a/net/ipv6/xfrm6_policy.c
63+++ b/net/ipv6/xfrm6_policy.c
64@@ -116,7 +116,8 @@ static int xfrm6_init_path(struct xfrm_d
65 return 0;
66 }
67
68-static int xfrm6_fill_dst(struct xfrm_dst *xdst, struct net_device *dev)
69+static int xfrm6_fill_dst(struct xfrm_dst *xdst, struct net_device *dev,
70+ struct flowi *fl)
71 {
72 struct rt6_info *rt = (struct rt6_info*)xdst->route;
73
74--- a/net/xfrm/xfrm_policy.c
75+++ b/net/xfrm/xfrm_policy.c
76@@ -1354,7 +1354,8 @@ static inline int xfrm_init_path(struct
77 return err;
78 }
79
80-static inline int xfrm_fill_dst(struct xfrm_dst *xdst, struct net_device *dev)
81+static inline int xfrm_fill_dst(struct xfrm_dst *xdst, struct net_device *dev,
82+ struct flowi *fl)
83 {
84 struct xfrm_policy_afinfo *afinfo =
85 xfrm_policy_get_afinfo(xdst->u.dst.ops->family);
86@@ -1363,7 +1364,7 @@ static inline int xfrm_fill_dst(struct x
87 if (!afinfo)
88 return -EINVAL;
89
90- err = afinfo->fill_dst(xdst, dev);
91+ err = afinfo->fill_dst(xdst, dev, fl);
92
93 xfrm_policy_put_afinfo(afinfo);
94
95@@ -1468,7 +1469,7 @@ static struct dst_entry *xfrm_bundle_cre
96 for (dst_prev = dst0; dst_prev != dst; dst_prev = dst_prev->child) {
97 struct xfrm_dst *xdst = (struct xfrm_dst *)dst_prev;
98
99- err = xfrm_fill_dst(xdst, dev);
100+ err = xfrm_fill_dst(xdst, dev, fl);
101 if (err)
102 goto free_dst;
103
Mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git