diff options
| author | David S. Miller <davem@davemloft.net> | 2014-07-24 00:56:36 -0400 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2014-07-24 00:56:36 -0400 |
| commit | 11f1fb3459d7b0b36c887dbd930e462f1e011d4d (patch) | |
| tree | 4e9879e010a26c7a2ee7f3a3f35647885aa3b4e0 /net | |
| parent | dd1d3f8f9920926aa426589e542eed6bf58b7354 (diff) | |
| parent | a0e5ef53aac8e5049f9344857d8ec5237d31e58b (diff) | |
Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec
Steffen Klassert says:
====================
pull request (net): ipsec 2014-07-23
Just two fixes this time, both are stable candidates.
1) Fix the dst_entry refcount on socket policy usage.
2) Fix a wrong SPI check that prevents AH SAs from getting
installed, dependent on the SPI. From Tobias Brunner.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net')
| -rw-r--r-- | net/xfrm/xfrm_policy.c | 2 | ||||
| -rw-r--r-- | net/xfrm/xfrm_user.c | 7 |
2 files changed, 5 insertions, 4 deletions
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c index a8ef5108e0d8..0525d78ba328 100644 --- a/net/xfrm/xfrm_policy.c +++ b/net/xfrm/xfrm_policy.c | |||
| @@ -2097,6 +2097,8 @@ struct dst_entry *xfrm_lookup(struct net *net, struct dst_entry *dst_orig, | |||
| 2097 | goto no_transform; | 2097 | goto no_transform; |
| 2098 | } | 2098 | } |
| 2099 | 2099 | ||
| 2100 | dst_hold(&xdst->u.dst); | ||
| 2101 | xdst->u.dst.flags |= DST_NOCACHE; | ||
| 2100 | route = xdst->route; | 2102 | route = xdst->route; |
| 2101 | } | 2103 | } |
| 2102 | } | 2104 | } |
diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c index 412d9dc3a873..d4db6ebb089d 100644 --- a/net/xfrm/xfrm_user.c +++ b/net/xfrm/xfrm_user.c | |||
| @@ -177,9 +177,7 @@ static int verify_newsa_info(struct xfrm_usersa_info *p, | |||
| 177 | attrs[XFRMA_ALG_AEAD] || | 177 | attrs[XFRMA_ALG_AEAD] || |
| 178 | attrs[XFRMA_ALG_CRYPT] || | 178 | attrs[XFRMA_ALG_CRYPT] || |
| 179 | attrs[XFRMA_ALG_COMP] || | 179 | attrs[XFRMA_ALG_COMP] || |
| 180 | attrs[XFRMA_TFCPAD] || | 180 | attrs[XFRMA_TFCPAD]) |
| 181 | (ntohl(p->id.spi) >= 0x10000)) | ||
| 182 | |||
| 183 | goto out; | 181 | goto out; |
| 184 | break; | 182 | break; |
| 185 | 183 | ||
| @@ -207,7 +205,8 @@ static int verify_newsa_info(struct xfrm_usersa_info *p, | |||
| 207 | attrs[XFRMA_ALG_AUTH] || | 205 | attrs[XFRMA_ALG_AUTH] || |
| 208 | attrs[XFRMA_ALG_AUTH_TRUNC] || | 206 | attrs[XFRMA_ALG_AUTH_TRUNC] || |
| 209 | attrs[XFRMA_ALG_CRYPT] || | 207 | attrs[XFRMA_ALG_CRYPT] || |
| 210 | attrs[XFRMA_TFCPAD]) | 208 | attrs[XFRMA_TFCPAD] || |
| 209 | (ntohl(p->id.spi) >= 0x10000)) | ||
| 211 | goto out; | 210 | goto out; |
| 212 | break; | 211 | break; |
| 213 | 212 | ||