diff options
| author | David S. Miller <davem@davemloft.net> | 2015-04-09 14:39:37 -0400 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2015-04-09 14:39:37 -0400 |
| commit | 634d8ee4de9e41726d4f6f68f57cdd8647b3d204 (patch) | |
| tree | a6e2495cee699661625fca8a97a415b4827d15bf | |
| parent | 11f17ef3154fc8a7876a9ada1d1b80d41106960a (diff) | |
| parent | 092a29a40bab8bb4530bb3e58a0597001cdecdef (diff) | |
Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec
Steffen Klassert says:
====================
pull request (net): ipsec 2015-04-09
1) We dereferenced the xfrm outer_mode too early, larval
SAs don't have it set. Move the dereference of the
outer mode below the larval SA check to fix it.
From Alexey Dobriyan.
2) Fix vti6 tunnel uninit on namespace crosssing.
From Yao Xiwei.
Please pull or let me know if there are problems.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
| -rw-r--r-- | net/ipv6/ip6_vti.c | 3 | ||||
| -rw-r--r-- | net/xfrm/xfrm_input.c | 10 |
2 files changed, 6 insertions, 7 deletions
diff --git a/net/ipv6/ip6_vti.c b/net/ipv6/ip6_vti.c index 5fb9e212eca8..a4ac85052e44 100644 --- a/net/ipv6/ip6_vti.c +++ b/net/ipv6/ip6_vti.c | |||
| @@ -288,8 +288,7 @@ static struct ip6_tnl *vti6_locate(struct net *net, struct __ip6_tnl_parm *p, | |||
| 288 | static void vti6_dev_uninit(struct net_device *dev) | 288 | static void vti6_dev_uninit(struct net_device *dev) |
| 289 | { | 289 | { |
| 290 | struct ip6_tnl *t = netdev_priv(dev); | 290 | struct ip6_tnl *t = netdev_priv(dev); |
| 291 | struct net *net = dev_net(dev); | 291 | struct vti6_net *ip6n = net_generic(t->net, vti6_net_id); |
| 292 | struct vti6_net *ip6n = net_generic(net, vti6_net_id); | ||
| 293 | 292 | ||
| 294 | if (dev == ip6n->fb_tnl_dev) | 293 | if (dev == ip6n->fb_tnl_dev) |
| 295 | RCU_INIT_POINTER(ip6n->tnls_wc[0], NULL); | 294 | RCU_INIT_POINTER(ip6n->tnls_wc[0], NULL); |
diff --git a/net/xfrm/xfrm_input.c b/net/xfrm/xfrm_input.c index 85d1d4764612..526c4feb3b50 100644 --- a/net/xfrm/xfrm_input.c +++ b/net/xfrm/xfrm_input.c | |||
| @@ -238,11 +238,6 @@ int xfrm_input(struct sk_buff *skb, int nexthdr, __be32 spi, int encap_type) | |||
| 238 | 238 | ||
| 239 | skb->sp->xvec[skb->sp->len++] = x; | 239 | skb->sp->xvec[skb->sp->len++] = x; |
| 240 | 240 | ||
| 241 | if (xfrm_tunnel_check(skb, x, family)) { | ||
| 242 | XFRM_INC_STATS(net, LINUX_MIB_XFRMINSTATEMODEERROR); | ||
| 243 | goto drop; | ||
| 244 | } | ||
| 245 | |||
| 246 | spin_lock(&x->lock); | 241 | spin_lock(&x->lock); |
| 247 | if (unlikely(x->km.state == XFRM_STATE_ACQ)) { | 242 | if (unlikely(x->km.state == XFRM_STATE_ACQ)) { |
| 248 | XFRM_INC_STATS(net, LINUX_MIB_XFRMACQUIREERROR); | 243 | XFRM_INC_STATS(net, LINUX_MIB_XFRMACQUIREERROR); |
| @@ -271,6 +266,11 @@ int xfrm_input(struct sk_buff *skb, int nexthdr, __be32 spi, int encap_type) | |||
| 271 | 266 | ||
| 272 | spin_unlock(&x->lock); | 267 | spin_unlock(&x->lock); |
| 273 | 268 | ||
| 269 | if (xfrm_tunnel_check(skb, x, family)) { | ||
| 270 | XFRM_INC_STATS(net, LINUX_MIB_XFRMINSTATEMODEERROR); | ||
| 271 | goto drop; | ||
| 272 | } | ||
| 273 | |||
| 274 | seq_hi = htonl(xfrm_replay_seqhi(x, seq)); | 274 | seq_hi = htonl(xfrm_replay_seqhi(x, seq)); |
| 275 | 275 | ||
| 276 | XFRM_SKB_CB(skb)->seq.input.low = seq; | 276 | XFRM_SKB_CB(skb)->seq.input.low = seq; |