diff options
| author | David S. Miller <davem@davemloft.net> | 2012-09-15 11:43:53 -0400 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2012-09-15 11:43:53 -0400 |
| commit | b48b63a1f6e26b0dec2c9f1690396ed4bcb66903 (patch) | |
| tree | 8d9ad227c3a7d35cd78d40ecaf9bf59375dbd21a /net/xfrm | |
| parent | 7f2e6a5d8608d0353b017a0fe15502307593734e (diff) | |
| parent | 3f0c3c8fe30c725c1264fb6db8cc4b69db3a658a (diff) | |
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
Conflicts:
net/netfilter/nfnetlink_log.c
net/netfilter/xt_LOG.c
Rather easy conflict resolution, the 'net' tree had bug fixes to make
sure we checked if a socket is a time-wait one or not and elide the
logging code if so.
Whereas on the 'net-next' side we are calculating the UID and GID from
the creds using different interfaces due to the user namespace changes
from Eric Biederman.
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/xfrm')
| -rw-r--r-- | net/xfrm/xfrm_input.c | 2 | ||||
| -rw-r--r-- | net/xfrm/xfrm_replay.c | 15 | ||||
| -rw-r--r-- | net/xfrm/xfrm_state.c | 4 |
3 files changed, 19 insertions, 2 deletions
diff --git a/net/xfrm/xfrm_input.c b/net/xfrm/xfrm_input.c index 54a0dc2e2f8d..ab2bb42fe094 100644 --- a/net/xfrm/xfrm_input.c +++ b/net/xfrm/xfrm_input.c | |||
| @@ -212,7 +212,7 @@ resume: | |||
| 212 | /* only the first xfrm gets the encap type */ | 212 | /* only the first xfrm gets the encap type */ |
| 213 | encap_type = 0; | 213 | encap_type = 0; |
| 214 | 214 | ||
| 215 | if (async && x->repl->check(x, skb, seq)) { | 215 | if (async && x->repl->recheck(x, skb, seq)) { |
| 216 | XFRM_INC_STATS(net, LINUX_MIB_XFRMINSTATESEQERROR); | 216 | XFRM_INC_STATS(net, LINUX_MIB_XFRMINSTATESEQERROR); |
| 217 | goto drop_unlock; | 217 | goto drop_unlock; |
| 218 | } | 218 | } |
diff --git a/net/xfrm/xfrm_replay.c b/net/xfrm/xfrm_replay.c index 2f6d11d04a2b..3efb07d3eb27 100644 --- a/net/xfrm/xfrm_replay.c +++ b/net/xfrm/xfrm_replay.c | |||
| @@ -420,6 +420,18 @@ err: | |||
| 420 | return -EINVAL; | 420 | return -EINVAL; |
| 421 | } | 421 | } |
| 422 | 422 | ||
| 423 | static int xfrm_replay_recheck_esn(struct xfrm_state *x, | ||
| 424 | struct sk_buff *skb, __be32 net_seq) | ||
| 425 | { | ||
| 426 | if (unlikely(XFRM_SKB_CB(skb)->seq.input.hi != | ||
| 427 | htonl(xfrm_replay_seqhi(x, net_seq)))) { | ||
| 428 | x->stats.replay_window++; | ||
| 429 | return -EINVAL; | ||
| 430 | } | ||
| 431 | |||
| 432 | return xfrm_replay_check_esn(x, skb, net_seq); | ||
| 433 | } | ||
| 434 | |||
| 423 | static void xfrm_replay_advance_esn(struct xfrm_state *x, __be32 net_seq) | 435 | static void xfrm_replay_advance_esn(struct xfrm_state *x, __be32 net_seq) |
| 424 | { | 436 | { |
| 425 | unsigned int bitnr, nr, i; | 437 | unsigned int bitnr, nr, i; |
| @@ -479,6 +491,7 @@ static void xfrm_replay_advance_esn(struct xfrm_state *x, __be32 net_seq) | |||
| 479 | static struct xfrm_replay xfrm_replay_legacy = { | 491 | static struct xfrm_replay xfrm_replay_legacy = { |
| 480 | .advance = xfrm_replay_advance, | 492 | .advance = xfrm_replay_advance, |
| 481 | .check = xfrm_replay_check, | 493 | .check = xfrm_replay_check, |
| 494 | .recheck = xfrm_replay_check, | ||
| 482 | .notify = xfrm_replay_notify, | 495 | .notify = xfrm_replay_notify, |
| 483 | .overflow = xfrm_replay_overflow, | 496 | .overflow = xfrm_replay_overflow, |
| 484 | }; | 497 | }; |
| @@ -486,6 +499,7 @@ static struct xfrm_replay xfrm_replay_legacy = { | |||
| 486 | static struct xfrm_replay xfrm_replay_bmp = { | 499 | static struct xfrm_replay xfrm_replay_bmp = { |
| 487 | .advance = xfrm_replay_advance_bmp, | 500 | .advance = xfrm_replay_advance_bmp, |
| 488 | .check = xfrm_replay_check_bmp, | 501 | .check = xfrm_replay_check_bmp, |
| 502 | .recheck = xfrm_replay_check_bmp, | ||
| 489 | .notify = xfrm_replay_notify_bmp, | 503 | .notify = xfrm_replay_notify_bmp, |
| 490 | .overflow = xfrm_replay_overflow_bmp, | 504 | .overflow = xfrm_replay_overflow_bmp, |
| 491 | }; | 505 | }; |
| @@ -493,6 +507,7 @@ static struct xfrm_replay xfrm_replay_bmp = { | |||
| 493 | static struct xfrm_replay xfrm_replay_esn = { | 507 | static struct xfrm_replay xfrm_replay_esn = { |
| 494 | .advance = xfrm_replay_advance_esn, | 508 | .advance = xfrm_replay_advance_esn, |
| 495 | .check = xfrm_replay_check_esn, | 509 | .check = xfrm_replay_check_esn, |
| 510 | .recheck = xfrm_replay_recheck_esn, | ||
| 496 | .notify = xfrm_replay_notify_bmp, | 511 | .notify = xfrm_replay_notify_bmp, |
| 497 | .overflow = xfrm_replay_overflow_esn, | 512 | .overflow = xfrm_replay_overflow_esn, |
| 498 | }; | 513 | }; |
diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c index 30edad44e7fc..105f2062ed1a 100644 --- a/net/xfrm/xfrm_state.c +++ b/net/xfrm/xfrm_state.c | |||
| @@ -1994,8 +1994,10 @@ int __xfrm_init_state(struct xfrm_state *x, bool init_replay) | |||
| 1994 | goto error; | 1994 | goto error; |
| 1995 | 1995 | ||
| 1996 | x->outer_mode = xfrm_get_mode(x->props.mode, family); | 1996 | x->outer_mode = xfrm_get_mode(x->props.mode, family); |
| 1997 | if (x->outer_mode == NULL) | 1997 | if (x->outer_mode == NULL) { |
| 1998 | err = -EPROTONOSUPPORT; | ||
| 1998 | goto error; | 1999 | goto error; |
| 2000 | } | ||
| 1999 | 2001 | ||
| 2000 | if (init_replay) { | 2002 | if (init_replay) { |
| 2001 | err = xfrm_init_replay(x); | 2003 | err = xfrm_init_replay(x); |