linux/net
Herbert Xu af2681828a [ICMP]: Ensure that ICMP relookup maintains status quo
The ICMP relookup path is only meant to modify behaviour when
appropriate IPsec policies are in place and marked as requiring
relookups.  It is certainly not meant to modify behaviour when
IPsec policies don't exist at all.

However, due to an oversight on the error paths existing behaviour
may in fact change should one of the relookup steps fail.

This patch corrects this by redirecting all errors on relookup
failures to the previous code path.  That is, if the initial
xfrm_lookup let the packet pass, we will stand by that decision
should the relookup fail due to an error.

This should be safe from a security point-of-view because compliant
systems must install a default deny policy so the packet would'nt
have passed in that case.

Many thanks to Julian Anastasov for pointing out this error.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
2008-04-03 12:52:19 -07:00
..
9p net/9p/trans_fd.c:p9_trans_fd_init(): module_init functions should return 0 on success 2008-03-28 14:45:22 -07:00
802 [TR] net/802/tr.c: sysctl_tr_rif_timeout static 2008-01-31 19:28:31 -08:00
8021q [VLAN]: Proc entry is not renamed when vlan device name changes. 2008-04-02 00:08:01 -07:00
appletalk [APPLETALK]: Use proc_create() to setup ->proc_fops first 2008-02-28 12:53:32 -08:00
atm [ATM]: When proc_create() fails, do some error handling work and return -ENOMEM. 2008-03-23 21:45:36 -07:00
ax25 [AX25]: Remove obsolete references to BKL from TODO file. 2008-03-26 02:14:38 -07:00
bluetooth bluetooth : __rfcomm_dlc_close lock fix 2008-04-01 23:59:06 -07:00
bridge bridge: use time_before() in br_fdb_cleanup() 2008-03-20 15:54:58 -07:00
can [CAN]: Minor clean-ups 2008-02-07 18:05:04 -08:00
core Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6 2008-03-26 18:35:50 -07:00
dccp [SOCK] proto: Add hashinfo member to struct proto 2008-02-03 04:28:52 -08:00
decnet [DECNET] ROUTE: remove unecessary alignment 2008-02-07 23:29:57 -08:00
econet [NET]: Convert init_timer into setup_timer 2008-01-28 14:53:35 -08:00
ethernet [ETH]: Combine format_addr() with print_mac(). 2008-01-28 15:00:05 -08:00
ieee80211 ieee80211: beacon->capability is little-endian 2008-01-28 15:08:48 -08:00
ipv4 [ICMP]: Ensure that ICMP relookup maintains status quo 2008-04-03 12:52:19 -07:00
ipv6 [ICMP]: Ensure that ICMP relookup maintains status quo 2008-04-03 12:52:19 -07:00
ipx [IPX]: Use proc_create() to setup ->proc_fops first 2008-02-28 14:06:14 -08:00
irda [IRDA]: Store irnet_socket termios properly. 2008-03-26 00:55:50 -07:00
iucv iucv: fix build error on !SMP 2008-03-03 12:12:33 -08:00
key [IPSEC]: Fix inter address family IPsec tunnel handling. 2008-03-24 14:51:51 -07:00
lapb [LAPB] net/lapb/lapb_iface.c: use LIST_HEAD instead of LIST_HEAD_INIT 2008-01-28 14:56:52 -08:00
llc [LLC]: skb allocation size for responses 2008-03-31 21:02:47 -07:00
mac80211 mac80211: correct use_short_preamble handling 2008-04-01 15:44:08 -04:00
netfilter [NETFILTER]: Replate direct proc_fops assignment with proc_create call. 2008-03-27 16:55:53 -07:00
netlabel [NETLABEL]: Move some initialization code into __init section. 2008-02-17 22:33:57 -08:00
netlink [GENETLINK]: Relax dances with genl_lock. 2008-02-12 22:16:33 -08:00
netrom [NET]: Simple ctl_table to ctl_path conversions. 2008-01-28 15:01:07 -08:00
packet [PACKET]: Fix sparse warnings in af_packet.c 2008-01-28 15:00:48 -08:00
rfkill PM: Introduce PM_EVENT_HIBERNATE callback state 2008-02-23 10:40:04 -08:00
rose [ROSE/AX25] af_rose: rose_release() fix 2008-04-01 23:56:17 -07:00
rxrpc net/rxrpc trivial annotations 2008-03-30 14:20:23 -07:00
sched [NET]: Add preemption point in qdisc_run 2008-03-28 16:25:26 -07:00
sctp [SCTP]: Fix a race between module load and protosw access 2008-03-20 15:17:14 -07:00
sunrpc SVCRDMA: Check num_sge when setting LAST_CTXT bit 2008-03-26 11:24:19 -07:00
tipc tipc: fix integer as NULL pointer sparse warnings in tipc 2008-02-24 18:38:31 -08:00
unix Introduce path_put() 2008-02-14 21:13:33 -08:00
wanrouter [WANROUTER]: Use proc_create() to setup ->proc_fops first 2008-02-28 14:15:56 -08:00
wireless WEXT: remove unused variable 2008-01-28 15:10:48 -08:00
x25 [X25]: Use proc_create() to setup ->proc_fops first 2008-02-28 14:16:33 -08:00
xfrm [IPSEC]: Fix inter address family IPsec tunnel handling. 2008-03-24 14:51:51 -07:00
compat.c [NETFILTER]: ip6_tables: add compat support 2008-01-28 14:58:36 -08:00
Kconfig namespaces: mark NET_NS with "depends on NAMESPACES" 2008-02-08 09:22:23 -08:00
Makefile [CAN]: Add PF_CAN core module 2008-01-28 14:54:10 -08:00
nonet.c [PATCH] Make most file operations structs in fs/ const 2006-03-28 09:16:06 -08:00
socket.c [DLCI]: Fix tiny race between module unload and sock_ioctl. 2008-03-21 15:58:52 -07:00
sysctl_net.c [NET]: Remove the empty net_table 2008-01-28 14:56:29 -08:00
TUNABLE