linux/net/ipv6
Steffen Klassert 5596732fa8 xfrm: Fix crash with ipv6 IPsec tunnel and NAT.
The ipv6 xfrm output path is not aware that packets can be
rerouted by NAT to not use IPsec. We crash in this case
because we expect to have a xfrm state at the dst_entry.
This crash happens if the ipv6 layer does IPsec and NAT
or if we have an interfamily IPsec tunnel with ipv4 NAT.

We fix this by checking for a NAT rerouted packet in each
address family and dst_output() to the new destination
in this case.

Reported-by: Martin Pelikan <martin.pelikan@gmail.com>
Tested-by: Martin Pelikan <martin.pelikan@gmail.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
2014-04-07 10:52:38 +02:00
..
netfilter netfilter: Can't fail and free after table replacement 2014-04-05 17:46:22 +02:00
addrconf_core.c ipv6: move in6_dev_finish_destroy() into core kernel 2013-08-31 22:30:00 -04:00
addrconf.c ipv6: move DAD and addrconf_verify processing to workqueue 2014-03-28 16:54:50 -04:00
addrlabel.c ipv6:fix checkpatch errors with assignment in if condition 2014-02-17 16:57:29 -05:00
af_inet6.c ipv6: add flowlabel_consistency sysctl 2014-01-19 17:12:31 -08:00
ah6.c ah6: Use the IPsec protocol multiplexer API 2014-03-14 07:28:07 +01:00
anycast.c ipv6: enable anycast addresses as source addresses for datagrams 2014-01-22 21:57:05 -08:00
datagram.c ipv6: enable anycast addresses as source addresses for datagrams 2014-01-22 21:57:05 -08:00
esp6.c esp6: Use the IPsec protocol multiplexer API 2014-03-14 07:28:07 +01:00
exthdrs_core.c ipv6: ipv6_find_hdr restore prev functionality 2014-02-27 18:27:26 -05:00
exthdrs_offload.c ipv6: Fix exthdrs offload registration. 2014-03-06 16:35:55 -05:00
exthdrs.c ipv6/exthdrs: accept tlv which includes only padding 2013-09-11 15:52:27 -04:00
fib6_rules.c ipv6: move IPV6_TCLASS_SHIFT into ipv6.h and define a helper 2014-01-15 15:53:18 -08:00
icmp.c ipv6: some ipv6 statistic counters failed to disable bh 2014-03-31 16:38:12 -04:00
inet6_connection_sock.c net: Remove FLOWI_FLAG_CAN_SLEEP 2013-12-06 07:24:39 +01:00
inet6_hashtables.c inet: convert inet_ehash_secret and ipv6_hash_secret to net_get_random_once 2013-10-19 19:45:35 -04:00
ip6_checksum.c ipv6: log src and dst along with "udp checksum is 0" 2014-02-26 15:46:25 -05:00
ip6_fib.c ipv6: fix checkpatch errors of "foo*" and "foo * bar" 2014-03-29 18:15:52 -04:00
ip6_flowlabel.c ipv6: remove some unused include in flowlabel 2014-02-18 18:11:05 -05:00
ip6_gre.c net: introduce netdev_alloc_pcpu_stats() for drivers 2014-02-14 15:49:55 -05:00
ip6_icmp.c ipv6: Kill ipv6 dependency of icmpv6_send(). 2013-04-29 13:54:36 -04:00
ip6_input.c net: Fix memory leak if TPROXY used with TCP early demux 2014-01-27 16:22:11 -08:00
ip6_offload.c ipv4: ipv6: better estimate tunnel header cut for correct ufo handling 2014-02-25 18:27:06 -05:00
ip6_offload.h ipv6: Pull IPv6 GSO registration out of the module 2012-11-15 17:39:24 -05:00
ip6_output.c ipv6: some ipv6 statistic counters failed to disable bh 2014-03-31 16:38:12 -04:00
ip6_tunnel.c net: Replace u64_stats_fetch_begin_bh to u64_stats_fetch_begin_irq 2014-03-14 22:41:36 -04:00
ip6_vti.c vti6: Enable namespace changing 2014-03-14 07:28:09 +01:00
ip6mr.c ip6mr: fix mfc notification flags 2014-03-20 16:24:28 -04:00
ipcomp6.c ipcomp6: Use the IPsec protocol multiplexer API 2014-03-14 07:28:07 +01:00
ipv6_sockglue.c ipv6: yet another new IPV6_MTU_DISCOVER option IPV6_PMTUDISC_OMIT 2014-02-26 15:51:01 -05:00
Kconfig ip6_vti: Fix build when NET_IP_TUNNEL is not set. 2014-02-20 14:29:49 +01:00
Makefile xfrm6: Add IPsec protocol multiplexer 2014-03-14 07:28:07 +01:00
mcast.c ipv6: some ipv6 statistic counters failed to disable bh 2014-03-31 16:38:12 -04:00
mip6.c ipv4/ipv6: Fix FSF address in file headers 2013-12-06 12:37:56 -05:00
ndisc.c neigh: use tbl->family to distinguish ipv4 from ipv6 2013-12-09 20:56:12 -05:00
netfilter.c netfilter: add nf_ipv6_ops hook to fix xt_addrtype with IPv6 2013-05-23 11:58:55 +02:00
output_core.c ipv6: strengthen fallback fragmentation id generation 2014-03-31 16:33:38 -04:00
ping.c ipv6: some ipv6 statistic counters failed to disable bh 2014-03-31 16:38:12 -04:00
proc.c net: add SNMP counters tracking incoming ECN bits 2013-08-08 22:24:59 -07:00
protocol.c net: remove outdated comment for ipv4 and ipv6 protocol handler 2013-11-28 18:47:51 -05:00
raw.c ipv6: protect protocols not handling ipv4 from v4 connection/bind attempts 2014-01-21 16:59:19 -08:00
reassembly.c ipv6: split inet6_hash_frag for netfilter and initialize secrets with net_get_random_once 2013-10-23 17:01:40 -04:00
route.c ipv6: reuse rt6_need_strict 2014-03-31 16:16:16 -04:00
sit.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2014-03-05 20:32:02 -05:00
syncookies.c net: Remove FLOWI_FLAG_CAN_SLEEP 2013-12-06 07:24:39 +01:00
sysctl_net_ipv6.c ipv6: add flowlabel_consistency sysctl 2014-01-19 17:12:31 -08:00
tcp_ipv6.c ipv6: tcp_ipv6 policy route issue 2014-03-31 16:16:17 -04:00
tcpv6_offload.c net-gro: Prepare GRO stack for the upcoming tunneling support 2013-12-12 13:47:53 -05:00
tunnel6.c ipv4/ipv6: Fix FSF address in file headers 2013-12-06 12:37:56 -05:00
udp_impl.h net: ipv4/ipv6: Remove extern from function prototypes 2013-10-19 19:12:11 -04:00
udp_offload.c ipv6: reuse ip6_frag_id from ip6_ufo_append_data 2014-02-22 00:28:21 -05:00
udp.c ipv6: make IPV6_RECVPKTINFO work for ipv4 datagrams 2014-01-19 19:53:18 -08:00
udplite.c ipv6: do not clear pinet6 field 2013-05-11 16:26:38 -07:00
xfrm6_input.c
xfrm6_mode_beet.c ipsec: be careful of non existing mac headers 2012-02-23 16:50:45 -05:00
xfrm6_mode_ro.c ipv4/ipv6: Fix FSF address in file headers 2013-12-06 12:37:56 -05:00
xfrm6_mode_transport.c
xfrm6_mode_tunnel.c xfrm6: Remove xfrm_tunnel_notifier 2014-03-14 07:28:08 +01:00
xfrm6_output.c xfrm: Fix crash with ipv6 IPsec tunnel and NAT. 2014-04-07 10:52:38 +02:00
xfrm6_policy.c xfrm6: Add IPsec protocol multiplexer 2014-03-14 07:28:07 +01:00
xfrm6_protocol.c xfrm6: Add IPsec protocol multiplexer 2014-03-14 07:28:07 +01:00
xfrm6_state.c xfrm: make local error reporting more robust 2013-08-14 13:07:12 +02:00
xfrm6_tunnel.c ipv4/ipv6: Fix FSF address in file headers 2013-12-06 12:37:56 -05:00