linux/net/ipv4
Masahide NAKAMURA e53820de0f [XFRM] IPV6: Restrict bundle reusing
For outbound transformation, a bundle is checked to see whether it is
suitable to be reused for the current flow. In an IPv6 case such
as the one below, transformation may apply an incorrect bundle to the flow
instead of creating another bundle:

- The policy selector has a destination prefix length < 128
  (Two or more addresses can match it)
- Its bundle holds a dst entry of a default route whose prefix length is < 128
  (Previous traffic used such a route as next hop)
- The policy and the bundle used a transport mode state, and
  this time the flow address does not match the bundled state.

This issue was found through Mobile IPv6 usage to protect mobility signaling
by IPsec, but it is not Mobile IPv6 specific.
This patch adds a strict check to xfrm_bundle_ok() for each
state mode and address when the prefix length is less than 128.

Signed-off-by: Masahide NAKAMURA <nakam@linux-ipv6.org>
Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-09-22 15:06:44 -07:00
ipvs [NET]: Replace CHECKSUM_HW by CHECKSUM_PARTIAL/CHECKSUM_COMPLETE 2006-09-22 14:53:53 -07:00
netfilter [NETFILTER]: x_tables: remove unused size argument to check/destroy functions 2006-09-22 14:55:34 -07:00
af_inet.c [NET/IPV4/IPV6]: Change some sysctl variables to __read_mostly 2006-09-22 14:55:03 -07:00
ah4.c [XFRM]: Add XFRM_MODE_xxx for future use. 2006-09-22 15:05:15 -07:00
arp.c
cipso_ipv4.c [NET]: Make code static. 2006-09-22 14:54:07 -07:00
datagram.c
devinet.c [IPv4] address: Convert address notification to use rtnl_notify() 2006-09-22 14:54:53 -07:00
esp4.c [XFRM]: Add XFRM_MODE_xxx for future use. 2006-09-22 15:05:15 -07:00
fib_frontend.c [IPv4]: Convert route get to new netlink api 2006-09-22 14:55:06 -07:00
fib_hash.c [IPv4]: Convert FIB dumping to use new netlink api 2006-09-22 14:55:05 -07:00
fib_lookup.h [IPv4]: Convert FIB dumping to use new netlink api 2006-09-22 14:55:05 -07:00
fib_rules.c [IPV4]: Increase number of possible routing tables to 2^32 2006-09-22 14:54:26 -07:00
fib_semantics.c [IPv4]: Convert FIB dumping to use new netlink api 2006-09-22 14:55:05 -07:00
fib_trie.c [IPv4]: Convert FIB dumping to use new netlink api 2006-09-22 14:55:05 -07:00
icmp.c [NET/IPV4/IPV6]: Change some sysctl variables to __read_mostly 2006-09-22 14:55:03 -07:00
igmp.c [NET/IPV4/IPV6]: Change some sysctl variables to __read_mostly 2006-09-22 14:55:03 -07:00
inet_connection_sock.c [MLSXFRM]: Auto-labeling of child sockets 2006-09-22 14:53:29 -07:00
inet_diag.c
inet_hashtables.c [IPV4]: Use network-order dport for all visible inet_lookup_* 2006-09-22 14:54:14 -07:00
inet_timewait_sock.c
inetpeer.c
ip_forward.c
ip_fragment.c [NET/IPV4/IPV6]: Change some sysctl variables to __read_mostly 2006-09-22 14:55:03 -07:00
ip_gre.c [NET]: Replace CHECKSUM_HW by CHECKSUM_PARTIAL/CHECKSUM_COMPLETE 2006-09-22 14:53:53 -07:00
ip_input.c [IPV4]: Clear the whole IPCB, this clears also IPCB(skb)->flags. 2006-07-24 23:45:16 -07:00
ip_options.c [INET]: Remove is_setbyuser patch 2006-09-22 14:54:10 -07:00
ip_output.c [NET/IPV4/IPV6]: Change some sysctl variables to __read_mostly 2006-09-22 14:55:03 -07:00
ip_sockglue.c [AF_UNIX]: Kernel memory leak fix for af_unix datagram getpeersec patch 2006-08-02 14:12:06 -07:00
ipcomp.c [XFRM]: Add XFRM_MODE_xxx for future use. 2006-09-22 15:05:15 -07:00
ipconfig.c [NET]: Remove unnecessary config.h includes from net/ 2006-09-22 14:54:21 -07:00
ipip.c
ipmr.c [RTNETLINK]: Use rtnl_unicast() for rtnetlink unicasts 2006-09-22 14:54:48 -07:00
Kconfig [IPV4]: Use Protocol Independant Policy Routing Rules Framework 2006-09-22 14:53:42 -07:00
Makefile [NetLabel]: CIPSOv4 engine 2006-09-22 14:53:33 -07:00
multipath_drr.c
multipath_random.c
multipath_rr.c
multipath_wrandom.c
multipath.c
netfilter.c [NET]: Replace CHECKSUM_HW by CHECKSUM_PARTIAL/CHECKSUM_COMPLETE 2006-09-22 14:53:53 -07:00
proc.c [IPV4]: add the UdpSndbufErrors and UdpRcvbufErrors MIBs 2006-09-22 14:54:41 -07:00
protocol.c
raw.c [NET]: Remove unnecessary config.h includes from net/ 2006-09-22 14:54:21 -07:00
route.c [IPv4]: Convert route get to new netlink api 2006-09-22 14:55:06 -07:00
syncookies.c [MLSXFRM]: Auto-labeling of child sockets 2006-09-22 14:53:29 -07:00
sysctl_net_ipv4.c [NetLabel]: CIPSOv4 engine 2006-09-22 14:53:33 -07:00
tcp_bic.c
tcp_cong.c [TCP]: Two RFC3465 Appropriate Byte Count fixes. 2006-08-29 21:22:16 -07:00
tcp_cubic.c
tcp_diag.c
tcp_highspeed.c
tcp_htcp.c
tcp_hybla.c
tcp_input.c [NET/IPV4/IPV6]: Change some sysctl variables to __read_mostly 2006-09-22 14:55:03 -07:00
tcp_ipv4.c [NET/IPV4/IPV6]: Change some sysctl variables to __read_mostly 2006-09-22 14:55:03 -07:00
tcp_lp.c [NET]: Remove unnecessary config.h includes from net/ 2006-09-22 14:54:21 -07:00
tcp_minisocks.c [NET/IPV4/IPV6]: Change some sysctl variables to __read_mostly 2006-09-22 14:55:03 -07:00
tcp_output.c [NET/IPV4/IPV6]: Change some sysctl variables to __read_mostly 2006-09-22 14:55:03 -07:00
tcp_probe.c [TCP]: Fix botched memory leak fix to tcpprobe_read(). 2006-08-13 18:05:09 -07:00
tcp_scalable.c
tcp_timer.c [NET/IPV4/IPV6]: Change some sysctl variables to __read_mostly 2006-09-22 14:55:03 -07:00
tcp_vegas.c
tcp_veno.c [NET]: Remove unnecessary config.h includes from net/ 2006-09-22 14:54:21 -07:00
tcp_westwood.c
tcp.c [NET/IPV4/IPV6]: Change some sysctl variables to __read_mostly 2006-09-22 14:55:03 -07:00
tunnel4.c
udp.c [IPV4]: add the UdpSndbufErrors and UdpRcvbufErrors MIBs 2006-09-22 14:54:41 -07:00
xfrm4_input.c [XFRM]: Add XFRM_MODE_xxx for future use. 2006-09-22 15:05:15 -07:00
xfrm4_mode_transport.c
xfrm4_mode_tunnel.c
xfrm4_output.c [XFRM]: Add XFRM_MODE_xxx for future use. 2006-09-22 15:05:15 -07:00
xfrm4_policy.c [XFRM] IPV6: Restrict bundle reusing 2006-09-22 15:06:44 -07:00
xfrm4_state.c [XFRM] STATE: Search by address using source address list. 2006-09-22 15:06:35 -07:00
xfrm4_tunnel.c [XFRM]: Add XFRM_MODE_xxx for future use. 2006-09-22 15:05:15 -07:00