diff options
author | Linus Torvalds <torvalds@linux-foundation.org> | 2009-03-16 10:56:58 -0400 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2009-03-16 10:56:58 -0400 |
commit | 8e91f178a2bb4a3e52e76f6263c251ffb816eb17 (patch) | |
tree | 684ddff23b86c974b80f210389ab6d23555d6003 /net | |
parent | 8032b526d1a3bd91ad633dd3a3b5fdbc47ad54f1 (diff) | |
parent | ea8dbdd17099a9a5864ebd4c87e01e657b19c7ab (diff) |
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6: (21 commits)
r8169: revert "r8169: read MAC address from EEPROM on init (2nd attempt)"
r8169: use hardware auto-padding.
igb: remove ASPM L0s workaround
netxen: remove old flash check.
mv643xx_eth: fix unicast address filter corruption on mtu change
xfrm: Fix xfrm_state_find() wrt. wildcard source address.
emac: Fix clock control for 405EX and 405EXr chips
ixgbe: fix multiple unicast address support
via-velocity: Fix DMA mapping length errors on transmit.
qlge: bugfix: Pad outbound frames smaller than 60 bytes.
qlge: bugfix: Move netif_napi_del() to common call point.
qlge: bugfix: Tell hw to strip vlan header.
qlge: bugfix: Increase filter on inbound csum.
dnet: replace obsolete *netif_rx_* functions with *napi_*
net: Add be2net driver.
dnet: Fix warnings on 64-bit.
dnet: Dave DNET ethernet controller driver (updated)
ipv6: Fix BUG when disabled ipv6 module is unloaded
bnx2x: Using DMAE to initialize the chip
bnx2x: Casting page alignment
...
Diffstat (limited to 'net')
-rw-r--r-- | net/ipv6/af_inet6.c | 3 | ||||
-rw-r--r-- | net/xfrm/xfrm_state.c | 90 |
2 files changed, 61 insertions, 32 deletions
diff --git a/net/ipv6/af_inet6.c b/net/ipv6/af_inet6.c index da944eca2ca..9c8309ed35c 100644 --- a/net/ipv6/af_inet6.c +++ b/net/ipv6/af_inet6.c | |||
@@ -1192,6 +1192,9 @@ module_init(inet6_init); | |||
1192 | 1192 | ||
1193 | static void __exit inet6_exit(void) | 1193 | static void __exit inet6_exit(void) |
1194 | { | 1194 | { |
1195 | if (disable_ipv6) | ||
1196 | return; | ||
1197 | |||
1195 | /* First of all disallow new sockets creation. */ | 1198 | /* First of all disallow new sockets creation. */ |
1196 | sock_unregister(PF_INET6); | 1199 | sock_unregister(PF_INET6); |
1197 | /* Disallow any further netlink messages */ | 1200 | /* Disallow any further netlink messages */ |
diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c index e25ff62ab2a..62a5425cc6a 100644 --- a/net/xfrm/xfrm_state.c +++ b/net/xfrm/xfrm_state.c | |||
@@ -748,12 +748,51 @@ static void xfrm_hash_grow_check(struct net *net, int have_hash_collision) | |||
748 | schedule_work(&net->xfrm.state_hash_work); | 748 | schedule_work(&net->xfrm.state_hash_work); |
749 | } | 749 | } |
750 | 750 | ||
751 | static void xfrm_state_look_at(struct xfrm_policy *pol, struct xfrm_state *x, | ||
752 | struct flowi *fl, unsigned short family, | ||
753 | xfrm_address_t *daddr, xfrm_address_t *saddr, | ||
754 | struct xfrm_state **best, int *acq_in_progress, | ||
755 | int *error) | ||
756 | { | ||
757 | /* Resolution logic: | ||
758 | * 1. There is a valid state with matching selector. Done. | ||
759 | * 2. Valid state with inappropriate selector. Skip. | ||
760 | * | ||
761 | * Entering area of "sysdeps". | ||
762 | * | ||
763 | * 3. If state is not valid, selector is temporary, it selects | ||
764 | * only session which triggered previous resolution. Key | ||
765 | * manager will do something to install a state with proper | ||
766 | * selector. | ||
767 | */ | ||
768 | if (x->km.state == XFRM_STATE_VALID) { | ||
769 | if ((x->sel.family && | ||
770 | !xfrm_selector_match(&x->sel, fl, x->sel.family)) || | ||
771 | !security_xfrm_state_pol_flow_match(x, pol, fl)) | ||
772 | return; | ||
773 | |||
774 | if (!*best || | ||
775 | (*best)->km.dying > x->km.dying || | ||
776 | ((*best)->km.dying == x->km.dying && | ||
777 | (*best)->curlft.add_time < x->curlft.add_time)) | ||
778 | *best = x; | ||
779 | } else if (x->km.state == XFRM_STATE_ACQ) { | ||
780 | *acq_in_progress = 1; | ||
781 | } else if (x->km.state == XFRM_STATE_ERROR || | ||
782 | x->km.state == XFRM_STATE_EXPIRED) { | ||
783 | if (xfrm_selector_match(&x->sel, fl, x->sel.family) && | ||
784 | security_xfrm_state_pol_flow_match(x, pol, fl)) | ||
785 | *error = -ESRCH; | ||
786 | } | ||
787 | } | ||
788 | |||
751 | struct xfrm_state * | 789 | struct xfrm_state * |
752 | xfrm_state_find(xfrm_address_t *daddr, xfrm_address_t *saddr, | 790 | xfrm_state_find(xfrm_address_t *daddr, xfrm_address_t *saddr, |
753 | struct flowi *fl, struct xfrm_tmpl *tmpl, | 791 | struct flowi *fl, struct xfrm_tmpl *tmpl, |
754 | struct xfrm_policy *pol, int *err, | 792 | struct xfrm_policy *pol, int *err, |
755 | unsigned short family) | 793 | unsigned short family) |
756 | { | 794 | { |
795 | static xfrm_address_t saddr_wildcard = { }; | ||
757 | struct net *net = xp_net(pol); | 796 | struct net *net = xp_net(pol); |
758 | unsigned int h; | 797 | unsigned int h; |
759 | struct hlist_node *entry; | 798 | struct hlist_node *entry; |
@@ -773,40 +812,27 @@ xfrm_state_find(xfrm_address_t *daddr, xfrm_address_t *saddr, | |||
773 | xfrm_state_addr_check(x, daddr, saddr, family) && | 812 | xfrm_state_addr_check(x, daddr, saddr, family) && |
774 | tmpl->mode == x->props.mode && | 813 | tmpl->mode == x->props.mode && |
775 | tmpl->id.proto == x->id.proto && | 814 | tmpl->id.proto == x->id.proto && |
776 | (tmpl->id.spi == x->id.spi || !tmpl->id.spi)) { | 815 | (tmpl->id.spi == x->id.spi || !tmpl->id.spi)) |
777 | /* Resolution logic: | 816 | xfrm_state_look_at(pol, x, fl, family, daddr, saddr, |
778 | 1. There is a valid state with matching selector. | 817 | &best, &acquire_in_progress, &error); |
779 | Done. | 818 | } |
780 | 2. Valid state with inappropriate selector. Skip. | 819 | if (best) |
781 | 820 | goto found; | |
782 | Entering area of "sysdeps". | 821 | |
783 | 822 | h = xfrm_dst_hash(net, daddr, &saddr_wildcard, tmpl->reqid, family); | |
784 | 3. If state is not valid, selector is temporary, | 823 | hlist_for_each_entry(x, entry, net->xfrm.state_bydst+h, bydst) { |
785 | it selects only session which triggered | 824 | if (x->props.family == family && |
786 | previous resolution. Key manager will do | 825 | x->props.reqid == tmpl->reqid && |
787 | something to install a state with proper | 826 | !(x->props.flags & XFRM_STATE_WILDRECV) && |
788 | selector. | 827 | xfrm_state_addr_check(x, daddr, saddr, family) && |
789 | */ | 828 | tmpl->mode == x->props.mode && |
790 | if (x->km.state == XFRM_STATE_VALID) { | 829 | tmpl->id.proto == x->id.proto && |
791 | if ((x->sel.family && !xfrm_selector_match(&x->sel, fl, x->sel.family)) || | 830 | (tmpl->id.spi == x->id.spi || !tmpl->id.spi)) |
792 | !security_xfrm_state_pol_flow_match(x, pol, fl)) | 831 | xfrm_state_look_at(pol, x, fl, family, daddr, saddr, |
793 | continue; | 832 | &best, &acquire_in_progress, &error); |
794 | if (!best || | ||
795 | best->km.dying > x->km.dying || | ||
796 | (best->km.dying == x->km.dying && | ||
797 | best->curlft.add_time < x->curlft.add_time)) | ||
798 | best = x; | ||
799 | } else if (x->km.state == XFRM_STATE_ACQ) { | ||
800 | acquire_in_progress = 1; | ||
801 | } else if (x->km.state == XFRM_STATE_ERROR || | ||
802 | x->km.state == XFRM_STATE_EXPIRED) { | ||
803 | if (xfrm_selector_match(&x->sel, fl, x->sel.family) && | ||
804 | security_xfrm_state_pol_flow_match(x, pol, fl)) | ||
805 | error = -ESRCH; | ||
806 | } | ||
807 | } | ||
808 | } | 833 | } |
809 | 834 | ||
835 | found: | ||
810 | x = best; | 836 | x = best; |
811 | if (!x && !error && !acquire_in_progress) { | 837 | if (!x && !error && !acquire_in_progress) { |
812 | if (tmpl->id.spi && | 838 | if (tmpl->id.spi && |