Re: [9/*] [IPSEC] Check dst validity harder in xfrm_bundle

netdev

Re: [9/*] [IPSEC] Check dst validity harder in xfrm_bundle_ok

To:	Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Subject:	Re: [9/*] [IPSEC] Check dst validity harder in xfrm_bundle_ok
From:	"David S. Miller" <davem@xxxxxxxxxxxxx>
Date:	Mon, 7 Mar 2005 09:32:09 -0800
Cc:	kuznet@xxxxxxxxxxxxx, jmorris@xxxxxxxxxx, yoshfuji@xxxxxxxxxxxxxx, netdev@xxxxxxxxxxx
In-reply-to:	<20050307103536.GB7137@gondor.apana.org.au>
References:	<20050214221006.GA18415@gondor.apana.org.au> <20050214221200.GA18465@gondor.apana.org.au> <20050214221433.GB18465@gondor.apana.org.au> <20050214221607.GC18465@gondor.apana.org.au> <20050306213214.7d8a143d.davem@davemloft.net> <20050307103536.GB7137@gondor.apana.org.au>
Sender:	netdev-bounce@xxxxxxxxxxx

On Mon, 7 Mar 2005 21:35:36 +1100
Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> wrote:

> There is another bug in xfrm_bundle_ok where I forgot to
> check the validity of xdst->route.  In fact, the check
> on dst->path isn't strong enough either.  For IPv6 entries,
> dst->path->obsolete is always negative until you call
> ipv6_dst_check.  So we really need to do that here.
> 
> Here's the patch to fix those two problems.  Yes I know
> my dst_check implementation is lame.  I'll come back and
> fix up all the dst_check functions by moving their dst_release
> calls out.  It proves that you were right in that IPv6 dst
> leak thread :)
> 
> Signed-off-by: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>

Applied, thanks Herbert.

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
Re: [4/4] [IPSEC] Store MTU at each xfrm_dst, David S. Miller *[9/] [IPSEC] Check dst validity harder in xfrm_bundle_ok*, Herbert Xu* *Re: [9/] [IPSEC] Check dst validity harder in xfrm_bundle_ok*, David S. Miller* <= *[11/] [NET] Move dst_release out of dst->ops->check*, Herbert Xu* *Re: [11/] [NET] Move dst_release out of dst->ops->check*, YOSHIFUJI Hideaki / 吉藤英明* *Re: [11/] [NET] Move dst_release out of dst->ops->check*, David S. Miller* *[12/] [IPSEC] Handle local_df in IPv4*, Herbert Xu* *[13/] [IPV4] Fix room calculation in icmp_send*, Herbert Xu* *[14/] [IPV6] Reload skb->dst after xfrm6_route_forward*, Herbert Xu* *Re: [14/] [IPV6] Reload skb->dst after xfrm6_route_forward*, David S. Miller* *[15/] [INET] Fix IPsec calculation in ip_append_data/ip6_append_data*, Herbert Xu* *[16/] [INET] Take IPsec overhead into account in tunnels*, Herbert Xu* *[17/] [NET] Replace dst_pmtu with dst_mtu*, Herbert Xu*

Previous by Date:	Re: [patch 2/3] drivers/net/wireless/prism54/islpci_hotplug: Use the DMA_{64, 32}BIT_MASK constants, Luis R. Rodriguez
Next by Date:	*Re: [10/] [TCP] Get rid of dst_ptmu/ext2_header_len*, David S. Miller*
Previous by Thread:	*[9/] [IPSEC] Check dst validity harder in xfrm_bundle_ok*, Herbert Xu*
Next by Thread:	*[11/] [NET] Move dst_release out of dst->ops->check*, Herbert Xu*
Indexes:	[Date] [Thread] [Top] [All Lists]