mirror of
https://github.com/torvalds/linux.git
synced 2024-11-17 17:41:44 +00:00
Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec
Steffen Klassert says: ==================== pull request (net): ipsec 2017-11-01 1) Fix a memleak when a packet matches a policy without a matching state. 2) Reset the socket cached dst_entry when inserting a socket policy, otherwise the policy might be ignored. From Jonathan Basseri. 3) Fix GSO for a IPsec, GRE tunnel combination. We reset the encapsulation field at the skb too erly, as a result GRE does not segment GSO packets. Fix this by resetting the the encapsulation field right before the transformation where the inner headers get invalid. Please pull or let me know if there are problems. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
commit
122f00cdc1
@ -105,6 +105,9 @@ static int xfrm_output_one(struct sk_buff *skb, int err)
|
||||
if (xfrm_offload(skb)) {
|
||||
x->type_offload->encap(x, skb);
|
||||
} else {
|
||||
/* Inner headers are invalid now. */
|
||||
skb->encapsulation = 0;
|
||||
|
||||
err = x->type->output(x, skb);
|
||||
if (err == -EINPROGRESS)
|
||||
goto out;
|
||||
@ -208,7 +211,6 @@ int xfrm_output(struct sock *sk, struct sk_buff *skb)
|
||||
int err;
|
||||
|
||||
secpath_reset(skb);
|
||||
skb->encapsulation = 0;
|
||||
|
||||
if (xfrm_dev_offload_ok(skb, x)) {
|
||||
struct sec_path *sp;
|
||||
|
@ -2076,7 +2076,6 @@ make_dummy_bundle:
|
||||
xdst->num_xfrms = num_xfrms;
|
||||
memcpy(xdst->pols, pols, sizeof(struct xfrm_policy *) * num_pols);
|
||||
|
||||
dst_hold(&xdst->u.dst);
|
||||
return xdst;
|
||||
|
||||
inc_error:
|
||||
|
@ -2069,6 +2069,7 @@ int xfrm_user_policy(struct sock *sk, int optname, u8 __user *optval, int optlen
|
||||
if (err >= 0) {
|
||||
xfrm_sk_policy_insert(sk, err, pol);
|
||||
xfrm_pol_put(pol);
|
||||
__sk_dst_reset(sk);
|
||||
err = 0;
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user