linux/net
Masahide NAKAMURA e53820de0f [XFRM] IPV6: Restrict bundle reusing
For outbound transformation, bundle is checked whether it is
suitable for current flow to be reused or not. In such IPv6 case
as below, transformation may apply incorrect bundle for the flow instead
of creating another bundle:

- The policy selector has destination prefix length < 128
  (Two or more addresses can be matched it)
- Its bundle holds dst entry of default route whose prefix length < 128
  (Previous traffic was used such route as next hop)
- The policy and the bundle were used a transport mode state and
  this time flow address is not matched the bundled state.

This issue is found by Mobile IPv6 usage to protect mobility signaling
by IPsec, but it is not a Mobile IPv6 specific.
This patch adds strict check to xfrm_bundle_ok() for each
state mode and address when prefix length is less than 128.

Signed-off-by: Masahide NAKAMURA <nakam@linux-ipv6.org>
Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-09-22 15:06:44 -07:00
..
802 Remove obsolete #include <linux/config.h> 2006-06-30 19:25:36 +02:00
8021q [VLAN]: Fix link state propagation 2006-07-24 13:52:13 -07:00
appletalk [NET]: Conversions from kmalloc+memset to k(z|c)alloc. 2006-07-21 14:51:30 -07:00
atm [NET]: Remove unnecessary config.h includes from net/ 2006-09-22 14:54:21 -07:00
ax25 [NET]: Conversions from kmalloc+memset to k(z|c)alloc. 2006-07-21 14:51:30 -07:00
bluetooth [Bluetooth] Correct RFCOMM channel MTU for broken implementations 2006-07-24 12:44:25 -07:00
bridge [BRIDGE]: Convert notifications to use rtnl_notify() 2006-09-22 14:54:59 -07:00
core [RTNETLINK]: Don't return error on no-metrics. 2006-09-22 14:55:40 -07:00
dccp [IPV6]: Cache source address as well in ipv6_pinfo{}. 2006-09-22 14:55:45 -07:00
decnet [DECNET]: Convert DECnet notifications to use rtnl_notify() 2006-09-22 14:54:52 -07:00
econet [NET]: Conversions from kmalloc+memset to k(z|c)alloc. 2006-07-21 14:51:30 -07:00
ethernet [ETH]: indentation and cleanup 2006-09-22 14:55:09 -07:00
ieee80211 [CRYPTO] users: Use crypto_hash interface instead of crypto_digest 2006-09-21 11:46:21 +10:00
ipv4 [XFRM] IPV6: Restrict bundle reusing 2006-09-22 15:06:44 -07:00
ipv6 [XFRM] IPV6: Restrict bundle reusing 2006-09-22 15:06:44 -07:00
ipx [IPX]: Fix typo, ipxhdr() --> ipx_hdr() 2006-08-09 17:36:15 -07:00
irda [NET]: Conversions from kmalloc+memset to k(z|c)alloc. 2006-07-21 14:51:30 -07:00
key [XFRM]: Add XFRM_MODE_xxx for future use. 2006-09-22 15:05:15 -07:00
lapb [LAPB]: Fix windowsize check 2006-08-05 21:15:58 -07:00
llc [LLC]: multicast receive device match 2006-08-13 18:56:26 -07:00
netfilter [NETFILTER]: x_tables: Fix typos after conversion to use mass registation helper 2006-09-22 14:55:40 -07:00
netlabel [NETLINK]: Add notification message sending interface 2006-09-22 14:54:49 -07:00
netlink [NETLINK]: Add notification message sending interface 2006-09-22 14:54:49 -07:00
netrom [NETROM] lockdep: fix false positive 2006-07-12 13:59:02 -07:00
packet [NET]: Replace CHECKSUM_HW by CHECKSUM_PARTIAL/CHECKSUM_COMPLETE 2006-09-22 14:53:53 -07:00
rose [ROSE] lockdep: fix false positive 2006-07-12 13:58:59 -07:00
rxrpc [NET]: Conversions from kmalloc+memset to k(z|c)alloc. 2006-07-21 14:51:30 -07:00
sched [NETFILTER]: x_tables: remove unused size argument to check/destroy functions 2006-09-22 14:55:34 -07:00
sctp [SCTP]: Remove multiple levels of msecs to jiffies conversions. 2006-09-22 14:55:39 -07:00
sunrpc [SUNRPC]: Remove the unnecessary check for highmem in xs_sendpages(). 2006-09-22 14:54:16 -07:00
tipc [TIPC]: Removing useless casts 2006-07-21 15:52:20 -07:00
unix [AF_UNIX]: Kernel memory leak fix for af_unix datagram getpeersec patch 2006-08-02 14:12:06 -07:00
wanrouter [NET]: Conversions from kmalloc+memset to k(z|c)alloc. 2006-07-21 14:51:30 -07:00
x25 Remove obsolete #include <linux/config.h> 2006-06-30 19:25:36 +02:00
xfrm [XFRM] IPV6: Restrict bundle reusing 2006-09-22 15:06:44 -07:00
compat.c [NETFILTER]: iptables 32bit compat layer 2006-04-01 02:25:19 -08:00
Kconfig [NET]: Protocol Independant Policy Routing Rules Framework 2006-09-22 14:53:40 -07:00
Makefile [NetLabel]: core NetLabel subsystem 2006-09-22 14:53:34 -07:00
nonet.c [PATCH] Make most file operations structs in fs/ const 2006-03-28 09:16:06 -08:00
socket.c [NET]: Kill double initialization in sock_alloc_inode. 2006-09-22 14:54:22 -07:00
sysctl_net.c Remove obsolete #include <linux/config.h> 2006-06-30 19:25:36 +02:00
TUNABLE Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00