Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next

Steffen Klassert says: ==================== pull request (net-next): ipsec-next 2013-12-19 1) Use the user supplied policy index instead of a generated one if present. From Fan Du. 2) Make xfrm migration namespace aware. From Fan Du. 3) Make the xfrm state and policy locks namespace aware. From Fan Du. 4) Remove ancient sleeping when the SA is in acquire state, we now queue packets to the policy instead. This replaces the sleeping code. 5) Remove FLOWI_FLAG_CAN_SLEEP. This was used to notify xfrm about the posibility to sleep. The sleeping code is gone, so remove it. 6) Check user specified spi for IPComp. Thr spi for IPcomp is only 16 bit wide, so check for a valid value. From Fan Du. 7) Export verify_userspi_info to check for valid user supplied spi ranges with pfkey and netlink. From Fan Du. 8) RFC3173 states that if the total size of a compressed payload and the IPComp header is not smaller than the size of the original payload, the IP datagram must be sent in the original non-compressed form. These packets are dropped by the inbound policy check because they are not transformed. Document the need to set 'level use' for IPcomp to receive such packets anyway. From Fan Du. Please pull or let me know if there are problems. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
author: David S. Miller <davem@davemloft.net> 2013-12-19 18:37:49 -0500
committer: David S. Miller <davem@davemloft.net> 2013-12-19 18:37:49 -0500
commit: 1669cb9855050fe9d2a13391846f9aceccf42559 (patch)
tree: 80a2f1229902e9db7fd1552ee770372b351f2036 /net/dccp
parent: cb4eae3d525abbe408e7e0efd7841b5c3c13cd0f (diff)
parent: b3c6efbc36e2c5ac820b1a800ac17cc3e040de0c (diff)
2 files changed, 5 insertions, 5 deletions
diff --git a/net/dccp/ipv4.c b/net/dccp/ipv4.c
index d9f65fc66db5..88299c29101d 100644
--- a/net/dccp/ipv4.c
+++ b/net/dccp/ipv4.c
@@ -75,7 +75,7 @@ int dccp_v4_connect(struct sock *sk, struct sockaddr *uaddr, int addr_len)
        rt = ip_route_connect(fl4, nexthop, inet->inet_saddr,
                              RT_CONN_FLAGS(sk), sk->sk_bound_dev_if,
                              IPPROTO_DCCP,
-                              orig_sport, orig_dport, sk, true);
+                              orig_sport, orig_dport, sk);
        if (IS_ERR(rt))
                return PTR_ERR(rt);
diff --git a/net/dccp/ipv6.c b/net/dccp/ipv6.c
index 629019e6f8e9..4db3c2a1679c 100644
--- a/net/dccp/ipv6.c
+++ b/net/dccp/ipv6.c
@@ -240,7 +240,7 @@ static int dccp_v6_send_response(struct sock *sk, struct request_sock *req)
        final_p = fl6_update_dst(&fl6, np->opt, &final);
-        dst = ip6_dst_lookup_flow(sk, &fl6, final_p, false);
+        dst = ip6_dst_lookup_flow(sk, &fl6, final_p);
        if (IS_ERR(dst)) {
                err = PTR_ERR(dst);
                dst = NULL;
@@ -304,7 +304,7 @@ static void dccp_v6_ctl_send_reset(struct sock *sk, struct sk_buff *rxskb)
        security_skb_classify_flow(rxskb, flowi6_to_flowi(&fl6));
        /* sk = NULL, but it is safe for now. RST socket required. */
-        dst = ip6_dst_lookup_flow(ctl_sk, &fl6, NULL, false);
+        dst = ip6_dst_lookup_flow(ctl_sk, &fl6, NULL);
        if (!IS_ERR(dst)) {
                skb_dst_set(skb, dst);
                ip6_xmit(ctl_sk, skb, &fl6, NULL, 0);
@@ -515,7 +515,7 @@ static struct sock *dccp_v6_request_recv_sock(struct sock *sk,
                fl6.fl6_sport = htons(ireq->ir_num);
                security_sk_classify_flow(sk, flowi6_to_flowi(&fl6));
-                dst = ip6_dst_lookup_flow(sk, &fl6, final_p, false);
+                dst = ip6_dst_lookup_flow(sk, &fl6, final_p);
                if (IS_ERR(dst))
                        goto out;
        }
@@ -934,7 +934,7 @@ static int dccp_v6_connect(struct sock *sk, struct sockaddr *uaddr,
        final_p = fl6_update_dst(&fl6, np->opt, &final);
-        dst = ip6_dst_lookup_flow(sk, &fl6, final_p, true);
+        dst = ip6_dst_lookup_flow(sk, &fl6, final_p);
        if (IS_ERR(dst)) {
                err = PTR_ERR(dst);
                goto failure;
author	David S. Miller <davem@davemloft.net>	2013-12-19 18:37:49 -0500
committer	David S. Miller <davem@davemloft.net>	2013-12-19 18:37:49 -0500
commit	1669cb9855050fe9d2a13391846f9aceccf42559 (patch)
tree	80a2f1229902e9db7fd1552ee770372b351f2036 /net/dccp
parent	cb4eae3d525abbe408e7e0efd7841b5c3c13cd0f (diff)
parent	b3c6efbc36e2c5ac820b1a800ac17cc3e040de0c (diff)

diff --git a/net/dccp/ipv4.c b/net/dccp/ipv4.c index d9f65fc66db5..88299c29101d 100644 --- a/net/dccp/ipv4.c +++ b/net/dccp/ipv4.c
@@ -75,7 +75,7 @@ int dccp_v4_connect(struct sock sk, struct sockaddr uaddr, int addr_len)
75	rt = ip_route_connect(fl4, nexthop, inet->inet_saddr,	75	rt = ip_route_connect(fl4, nexthop, inet->inet_saddr,
76	RT_CONN_FLAGS(sk), sk->sk_bound_dev_if,	76	RT_CONN_FLAGS(sk), sk->sk_bound_dev_if,
77	IPPROTO_DCCP,	77	IPPROTO_DCCP,
78	orig_sport, orig_dport, sk, true);	78	orig_sport, orig_dport, sk);
79	if (IS_ERR(rt))	79	if (IS_ERR(rt))
80	return PTR_ERR(rt);	80	return PTR_ERR(rt);
81		81


diff --git a/net/dccp/ipv6.c b/net/dccp/ipv6.c index 629019e6f8e9..4db3c2a1679c 100644 --- a/net/dccp/ipv6.c +++ b/net/dccp/ipv6.c
@@ -240,7 +240,7 @@ static int dccp_v6_send_response(struct sock sk, struct request_sock req)
240		240
241	final_p = fl6_update_dst(&fl6, np->opt, &final);	241	final_p = fl6_update_dst(&fl6, np->opt, &final);
242		242
243	dst = ip6_dst_lookup_flow(sk, &fl6, final_p, false);	243	dst = ip6_dst_lookup_flow(sk, &fl6, final_p);
244	if (IS_ERR(dst)) {	244	if (IS_ERR(dst)) {
245	err = PTR_ERR(dst);	245	err = PTR_ERR(dst);
246	dst = NULL;	246	dst = NULL;
@@ -304,7 +304,7 @@ static void dccp_v6_ctl_send_reset(struct sock sk, struct sk_buff rxskb)
304	security_skb_classify_flow(rxskb, flowi6_to_flowi(&fl6));	304	security_skb_classify_flow(rxskb, flowi6_to_flowi(&fl6));
305		305
306	/* sk = NULL, but it is safe for now. RST socket required. */	306	/* sk = NULL, but it is safe for now. RST socket required. */
307	dst = ip6_dst_lookup_flow(ctl_sk, &fl6, NULL, false);	307	dst = ip6_dst_lookup_flow(ctl_sk, &fl6, NULL);
308	if (!IS_ERR(dst)) {	308	if (!IS_ERR(dst)) {
309	skb_dst_set(skb, dst);	309	skb_dst_set(skb, dst);
310	ip6_xmit(ctl_sk, skb, &fl6, NULL, 0);	310	ip6_xmit(ctl_sk, skb, &fl6, NULL, 0);
@@ -515,7 +515,7 @@ static struct sock dccp_v6_request_recv_sock(struct sock sk,
515	fl6.fl6_sport = htons(ireq->ir_num);	515	fl6.fl6_sport = htons(ireq->ir_num);
516	security_sk_classify_flow(sk, flowi6_to_flowi(&fl6));	516	security_sk_classify_flow(sk, flowi6_to_flowi(&fl6));
517		517
518	dst = ip6_dst_lookup_flow(sk, &fl6, final_p, false);	518	dst = ip6_dst_lookup_flow(sk, &fl6, final_p);
519	if (IS_ERR(dst))	519	if (IS_ERR(dst))
520	goto out;	520	goto out;
521	}	521	}
@@ -934,7 +934,7 @@ static int dccp_v6_connect(struct sock sk, struct sockaddr uaddr,
934		934
935	final_p = fl6_update_dst(&fl6, np->opt, &final);	935	final_p = fl6_update_dst(&fl6, np->opt, &final);
936		936
937	dst = ip6_dst_lookup_flow(sk, &fl6, final_p, true);	937	dst = ip6_dst_lookup_flow(sk, &fl6, final_p);
938	if (IS_ERR(dst)) {	938	if (IS_ERR(dst)) {
939	err = PTR_ERR(dst);	939	err = PTR_ERR(dst);
940	goto failure;	940	goto failure;