diff options
| author | Herbert Xu <herbert@gondor.apana.org.au> | 2008-05-20 17:32:14 -0400 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2008-05-20 17:32:14 -0400 |
| commit | 1ac06e0306d0192a7a4d9ea1c9e06d355ce7e7d3 (patch) | |
| tree | 610968ecaa89b3b9144db508dc2bd650afadce74 /net/ipv4 | |
| parent | 6f704992d3658aadff9e506c7fd80957fce33c5f (diff) | |
ipsec: Use the correct ip_local_out function
Because the IPsec output function xfrm_output_resume does its
own dst_output call it should always call __ip_local_output
instead of ip_local_output as the latter may invoke dst_output
directly. Otherwise the return values from nf_hook and dst_output
may clash as they both use the value 1 but for different purposes.
When that clash occurs this can cause a packet to be used after
it has been freed which usually leads to a crash. Because the
offending value is only returned from dst_output with qdiscs
such as HTB, this bug is normally not visible.
Thanks to Marco Berizzi for his perseverance in tracking this
down.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv4')
| -rw-r--r-- | net/ipv4/route.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/net/ipv4/route.c b/net/ipv4/route.c index 92f90ae46f4a..df41026b60db 100644 --- a/net/ipv4/route.c +++ b/net/ipv4/route.c | |||
| @@ -160,7 +160,7 @@ static struct dst_ops ipv4_dst_ops = { | |||
| 160 | .negative_advice = ipv4_negative_advice, | 160 | .negative_advice = ipv4_negative_advice, |
| 161 | .link_failure = ipv4_link_failure, | 161 | .link_failure = ipv4_link_failure, |
| 162 | .update_pmtu = ip_rt_update_pmtu, | 162 | .update_pmtu = ip_rt_update_pmtu, |
| 163 | .local_out = ip_local_out, | 163 | .local_out = __ip_local_out, |
| 164 | .entry_size = sizeof(struct rtable), | 164 | .entry_size = sizeof(struct rtable), |
| 165 | .entries = ATOMIC_INIT(0), | 165 | .entries = ATOMIC_INIT(0), |
| 166 | }; | 166 | }; |