Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 40e3012e authored by David S. Miller's avatar David S. Miller
Browse files

Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec 



Steffen Klassert says:

====================
ipsec 2016-09-08

1) Fix a crash when xfrm_dump_sa returns an error.
   From Vegard Nossum.

2) Remove some incorrect WARN() on normal error handling.
   From Vegard Nossum.

3) Ignore socket policies when rebuilding hash tables,
   socket policies are not inserted into the hash tables.
   From Tobias Brunner.

4) Initialize and check tunnel pointers properly before
   we use it. From Alexey Kodanev.

5) Fix l3mdev oif setting on xfrm dst lookups.
   From David Ahern.
====================

Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parents 9dd4aaef 11d7a0bb

net/ipv4/xfrm4_policy.c

+1 −1
Original line number Diff line number Diff line
@@ -29,7 +29,7 @@ static struct dst_entry *__xfrm4_dst_lookup(struct net *net, struct flowi4 *fl4, 
	memset(fl4, 0, sizeof(*fl4));

	fl4->daddr = daddr->a4;

	fl4->flowi4_tos = tos;

	fl4->flowi4_oif = oif;

	fl4->flowi4_oif = l3mdev_master_ifindex_by_index(net, oif);

	if (saddr)

		fl4->saddr = saddr->a4;

net/ipv6/xfrm6_input.c

+1 −0
Original line number Diff line number Diff line
@@ -23,6 +23,7 @@ int xfrm6_extract_input(struct xfrm_state *x, struct sk_buff *skb) 


int xfrm6_rcv_spi(struct sk_buff *skb, int nexthdr, __be32 spi)

{

	XFRM_TUNNEL_SKB_CB(skb)->tunnel.ip6 = NULL;

	XFRM_SPI_SKB_CB(skb)->family = AF_INET6;

	XFRM_SPI_SKB_CB(skb)->daddroff = offsetof(struct ipv6hdr, daddr);

	return xfrm_input(skb, nexthdr, spi, 0);

net/ipv6/xfrm6_policy.c

+1 −1
Original line number Diff line number Diff line
@@ -36,7 +36,7 @@ static struct dst_entry *xfrm6_dst_lookup(struct net *net, int tos, int oif, 
	int err;



	memset(&fl6, 0, sizeof(fl6));

	fl6.flowi6_oif = oif;

	fl6.flowi6_oif = l3mdev_master_ifindex_by_index(net, oif);

	fl6.flowi6_flags = FLOWI_FLAG_SKIP_NH_OIF;

	memcpy(&fl6.daddr, daddr, sizeof(fl6.daddr));

	if (saddr)

net/xfrm/xfrm_input.c

+7 −7
Original line number Diff line number Diff line
@@ -207,16 +207,16 @@ int xfrm_input(struct sk_buff *skb, int nexthdr, __be32 spi, int encap_type) 
	family = XFRM_SPI_SKB_CB(skb)->family;



	/* if tunnel is present override skb->mark value with tunnel i_key */

	if (XFRM_TUNNEL_SKB_CB(skb)->tunnel.ip4) {

	switch (family) {

	case AF_INET:

		if (XFRM_TUNNEL_SKB_CB(skb)->tunnel.ip4)

			mark = be32_to_cpu(XFRM_TUNNEL_SKB_CB(skb)->tunnel.ip4->parms.i_key);

		break;

	case AF_INET6:

		if (XFRM_TUNNEL_SKB_CB(skb)->tunnel.ip6)

			mark = be32_to_cpu(XFRM_TUNNEL_SKB_CB(skb)->tunnel.ip6->parms.i_key);

		break;

	}

	}



	/* Allocate new secpath or COW existing one. */

	if (!skb->sp || atomic_read(&skb->sp->refcnt) != 1) {

net/xfrm/xfrm_policy.c

+4 −0
Original line number Diff line number Diff line
@@ -626,6 +626,10 @@ static void xfrm_hash_rebuild(struct work_struct *work) 


	/* re-insert all policies by order of creation */

	list_for_each_entry_reverse(policy, &net->xfrm.policy_all, walk.all) {

		if (xfrm_policy_id2dir(policy->index) >= XFRM_POLICY_MAX) {

			/* skip socket policies */

			continue;

		}

		newpos = NULL;

		chain = policy_hash_bysel(net, &policy->selector,

					  policy->family,