linux/net
David S. Miller 9b78a82c1c [IPSEC]: Fix policy updates missed by sockets
The problem is that when new policies are inserted, sockets do not see
the update (but all new route lookups do).

This bug is related to the SA insertion stale route issue solved
recently, and this policy visibility problem can be fixed in a similar
way.

The fix is to flush out the bundles of all policies deeper than the
policy being inserted.  Consider beginning state of "outgoing"
direction policy list:

	policy A --> policy B --> policy C --> policy D

First, realize that inserting a policy into a list only potentially
changes IPSEC routes for that direction.  Therefore we need not bother
considering the policies for other directions.  We need only consider
the existing policies in the list we are doing the inserting.

Consider new policy "B'", inserted after B.

	policy A --> policy B --> policy B' --> policy C --> policy D

Two rules:

1) If policy A or policy B matched before the insertion, they
   appear before B' and thus would still match after inserting
   B'

2) Policy C and D, now "shadowed" and after policy B', potentially
   contain stale routes because policy B' might be selected
   instead of them.

Therefore we only need flush routes associated with policies
appearing after a newly inserted policy, if any.

Signed-off-by: David S. Miller <davem@davemloft.net>
2005-12-22 07:39:48 -08:00
..
802
8021q [VLAN]: Add two missing checks to vlan_ioctl_handler() 2005-12-21 18:39:49 -08:00
appletalk
atm [ATM]: deregistration removes device from atm_devs list immediately 2005-11-29 16:16:41 -08:00
ax25
bluetooth
bridge [BRIDGE-NF]: Fix bridge-nf ipv6 length check 2005-12-19 14:00:08 -08:00
core [NET]: Fix NULL pointer deref in checksum debugging. 2005-12-08 15:21:39 -08:00
dccp [DCCP]: Comment typo 2005-12-21 19:02:39 -08:00
decnet [DECNET]: add memory buffer settings 2005-12-05 13:42:06 -08:00
econet
ethernet
ieee80211 [PATCH] ieee80211_crypt_tkip depends on NET_RADIO 2005-12-12 23:59:28 -05:00
ipv4 [XFRM]: Handle DCCP in xfrm{4,6}_decode_session 2005-12-19 14:03:46 -08:00
ipv6 [IPV6]: Fix address deletion 2005-12-21 18:47:24 -08:00
ipx
irda
key
lapb
llc [LLC]: Fix compiler warnings introduced by TX window scaling changes. 2005-11-17 15:17:42 -08:00
netfilter [NETFILTER]: Wait for untracked references in nf_conntrack module unload 2005-12-05 13:36:50 -08:00
netlink [NETLINK]: Use tgid instead of pid for nlmsg_pid 2005-11-22 14:41:50 -08:00
netrom [NETROM]: Fix three if-statements in nr_state1_machine() 2005-12-21 18:38:26 -08:00
packet [AF_PACKET]: Convert PACKET_MMAP over to vm_insert_page(). 2005-12-06 16:38:35 -08:00
rose
rxrpc
sched [PKT_SCHED]: Disable debug tracing logs by default in packet action API. 2005-12-13 22:59:50 -08:00
sctp [SCTP]: Fix sctp to not return erroneous POLLOUT events. 2005-12-19 14:24:40 -08:00
sunrpc SUNRPC: Fix "EPIPE" error on mount of rpcsec_gss-protected partitions 2005-12-19 23:12:21 -05:00
unix
wanrouter
x25
xfrm [IPSEC]: Fix policy updates missed by sockets 2005-12-22 07:39:48 -08:00
compat.c
Kconfig
Makefile [NETFILTER]: link 'netfilter' before ipv4 2005-11-14 15:25:59 -08:00
nonet.c
socket.c
sysctl_net.c
TUNABLE