aha/net/ipv6
Herbert Xu af2681828a [ICMP]: Ensure that ICMP relookup maintains status quo
The ICMP relookup path is only meant to modify behaviour when
appropriate IPsec policies are in place and marked as requiring
relookups.  It is certainly not meant to modify behaviour when
IPsec policies don't exist at all.

However, due to an oversight on the error paths existing behaviour
may in fact change should one of the relookup steps fail.

This patch corrects this by redirecting all errors on relookup
failures to the previous code path.  That is, if the initial
xfrm_lookup let the packet pass, we will stand by that decision
should the relookup fail due to an error.

This should be safe from a security point-of-view because compliant
systems must install a default deny policy so the packet would'nt
have passed in that case.

Many thanks to Julian Anastasov for pointing out this error.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
2008-04-03 12:52:19 -07:00
..
netfilter [INET]: inet_frag_evictor() must run with BH disabled 2008-03-28 17:30:18 -07:00
addrconf.c IPv6: do not create temporary adresses with too short preferred lifetime 2008-04-02 00:01:35 -07:00
addrconf_core.c [IPV6]: ipv6_addr_type() doesn't know about RFC4193 addresses. 2007-07-31 02:28:21 -07:00
addrlabel.c [IPV6] ADDRLABEL: Fix double free on label deletion. 2008-01-28 15:46:02 -08:00
af_inet6.c [IPV6]: Fix hardcoded removing of old module code 2008-02-17 22:34:53 -08:00
ah6.c [IPSEC]: Fix bogus usage of u64 on input sequence number 2008-02-12 22:50:35 -08:00
anycast.c [NETNS][IPV6]: inet6_addr - check ipv6 address per namespace 2008-01-28 15:01:44 -08:00
datagram.c [NETNS][IPV6]: inet6_addr - check ipv6 address per namespace 2008-01-28 15:01:44 -08:00
esp6.c [ESP]: Ensure IV is in linear part of the skb to avoid BUG() due to OOB access 2008-03-27 16:08:03 -07:00
exthdrs.c [NETNS][IPV6]: inet6_addr - make ipv6_chk_home_addr namespace aware 2008-01-28 15:01:46 -08:00
exthdrs_core.c [NET] IPV6: Fix whitespace errors. 2007-02-10 23:19:42 -08:00
fib6_rules.c [NETNS]: FIB rules API cleanup. 2008-01-28 15:08:13 -08:00
icmp.c [ICMP]: Ensure that ICMP relookup maintains status quo 2008-04-03 12:52:19 -07:00
inet6_connection_sock.c [IPV6] __inet6_csk_dst_store(): fix check-after-use 2007-10-15 12:26:32 -07:00
inet6_hashtables.c [INET]: Fix accidentally broken inet(6)_hash_connect's port offset calculations. 2008-02-05 03:14:44 -08:00
ip6_fib.c [IPV6]: Use BUG_ON instead of if + BUG in fib6_del_route. 2008-02-18 20:50:42 -08:00
ip6_flowlabel.c [NET]: Add some acquires/releases sparse annotations. 2008-01-28 15:00:31 -08:00
ip6_input.c [IPV6] MCAST: Ensure to check multicast listener(s). 2008-03-31 19:30:45 -07:00
ip6_output.c [IPV6]: Fix reversed local_df test in ip6_fragment 2008-02-14 23:49:37 -08:00
ip6_tunnel.c [INET]: Don't create tunnels with '%' in name. 2008-02-26 23:51:04 -08:00
ipcomp6.c [IPCOMP]: Disable BH on output when using shared tfm 2008-02-28 11:23:17 -08:00
ipv6_sockglue.c [NET]: prot_inuse cleanups and optimizations 2008-01-28 15:00:36 -08:00
Kconfig [IPV6] KCONFIG: Fix description about IPV6_TUNNEL. 2008-03-20 16:13:58 -07:00
Makefile [IPV6]: Make the ipv6/sysctl_net_ipv6.c compilation cleaner 2008-01-28 14:56:29 -08:00
mcast.c [NET]: Add some acquires/releases sparse annotations. 2008-01-28 15:00:31 -08:00
mip6.c [XFRM]: constify 'struct xfrm_type' 2008-01-31 19:27:20 -08:00
ndisc.c [NEIGH]: Fix race between pneigh deletion and ipv6's ndisc_recv_ns (v3). 2008-03-24 14:48:59 -07:00
netfilter.c [NETFILTER]: constify nf_afinfo 2008-01-28 14:59:05 -08:00
proc.c [IPV6]: Use proc_create() to setup ->proc_fops first 2008-02-28 14:13:46 -08:00
protocol.c [IPV6]: Decentralize EXPORT_SYMBOLs. 2007-04-25 22:23:36 -07:00
raw.c [RAW]: Wrong content of the /proc/net/raw6. 2008-01-31 19:27:26 -08:00
reassembly.c [NETNS][FRAGS]: Make the pernet subsystem for fragments. 2008-01-28 15:10:40 -08:00
route.c [IPV6]: Add missing initializations of the new nl_info.nl_net field 2008-02-26 18:42:37 -08:00
sit.c [INET]: Don't create tunnels with '%' in name. 2008-02-26 23:51:04 -08:00
sysctl_net_ipv6.c [IPV6] SYSCTL: Fix possible memory leakage in error path. 2008-02-27 12:06:38 -08:00
tcp_ipv6.c [SOCK] proto: Add hashinfo member to struct proto 2008-02-03 04:28:52 -08:00
tunnel6.c [IPV6]: Replace sk_buff ** with sk_buff * in input handlers 2007-10-15 12:50:28 -07:00
udp.c [NETNS]: Udp sockets per-net lookup. 2008-01-31 19:28:21 -08:00
udp_impl.h [IPV6] UDPLITE: Sparse: Declare non-static symbols in header. 2008-01-28 15:10:26 -08:00
udplite.c [IPV6] UDP,UDPLITE: Sparse: {__udp6_lib,udp,udplite}_err() are of void. 2008-01-28 15:10:25 -08:00
xfrm6_input.c [IPSEC]: Fix transport-mode async resume on intput without netfilter 2008-01-28 15:00:10 -08:00
xfrm6_mode_beet.c [IPSEC]: Fix BEET output 2008-03-26 16:51:09 -07:00
xfrm6_mode_ro.c [IPSEC]: Make x->lastused an unsigned long 2008-01-28 14:53:52 -08:00
xfrm6_mode_transport.c [IPSEC]: Use IPv6 calling convention as the convention for x->mode->output 2007-10-10 16:55:54 -07:00
xfrm6_mode_tunnel.c [IPSEC]: Fix inter address family IPsec tunnel handling. 2008-03-24 14:51:51 -07:00
xfrm6_output.c [IPSEC]: Fix inter address family IPsec tunnel handling. 2008-03-24 14:51:51 -07:00
xfrm6_policy.c [NET]: should explicitely initialize atomic_t field in struct dst_ops 2008-01-31 19:27:23 -08:00
xfrm6_state.c [IPSEC]: Fix BEET output 2008-03-26 16:51:09 -07:00
xfrm6_tunnel.c [XFRM]: constify 'struct xfrm_type' 2008-01-31 19:27:20 -08:00