system/linux
system/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux synced 2024-11-05 18:23:50 +00:00
Code Issues Projects Releases Packages Wiki Activity
linux/net/ipv4
History
Steffen Klassert f92ee61982 xfrm: Generate blackhole routes only from route lookup functions 
Currently we genarate a blackhole route route whenever we have
matching policies but can not resolve the states. Here we assume
that dst_output() is called to kill the balckholed packets.
Unfortunately this assumption is not true in all cases, so
it is possible that these packets leave the system unwanted.

We fix this by generating blackhole routes only from the
route lookup functions, here we can guarantee a call to
dst_output() afterwards.

Fixes: 2774c131b1 ("xfrm: Handle blackhole route creation via afinfo.")
Reported-by: Konstantinos Kolelis <k.kolelis@sirrix.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
2014-09-16 10:08:40 +02:00
..
netfilter netfilter: move NAT Kconfig switches out of the iptables scope 2014-08-18 21:55:54 +02:00
af_inet.c net-gre-gro: Fix a bug that breaks the forwarding path 2014-07-16 14:45:26 -07:00
ah4.c
arp.c
cipso_ipv4.c netlabel: shorter names for the NetLabel catmap funcs/structs 2014-08-01 11:17:37 -04:00
datagram.c net: Save TX flow hash in sock and set in skbuf on xmit 2014-07-07 21:14:21 -07:00
devinet.c ipv4: fail early when creating netdev named all or default 2014-07-29 11:43:50 -07:00
esp4.c
fib_frontend.c ipv4, fib: pass LOOPBACK_IFINDEX instead of 0 to flowi4_iif 2014-04-16 15:05:11 -04:00
fib_lookup.h
fib_rules.c
fib_semantics.c ipv4: fib_semantics: increment fib_info_cnt after fib_info allocation 2014-05-07 17:14:32 -04:00
fib_trie.c list: fix order of arguments for hlist_add_after(_rcu) 2014-08-06 18:01:24 -07:00
gre_demux.c GRE: enable offloads for GRE 2014-07-11 13:53:39 -07:00
gre_offload.c net/ipv4: Use IS_ERR_OR_NULL 2014-07-29 15:31:56 -07:00
icmp.c ipv4: remove nested rcu_read_lock/unlock 2014-08-02 15:27:35 -07:00
igmp.c igmp: remove exceptional & on function name 2014-07-24 23:23:31 -07:00
inet_connection_sock.c ipv4: make ip_local_reserved_ports per netns 2014-05-14 15:31:45 -04:00
inet_diag.c
inet_fragment.c inet: frags: use kmem_cache for inet_frag_queue 2014-08-02 15:31:31 -07:00
inet_hashtables.c net: Use a more standard macro for INET_ADDR_COOKIE 2014-05-14 16:07:23 -04:00
inet_lro.c
inet_timewait_sock.c
inetpeer.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2014-06-12 14:27:40 -07:00
ip_forward.c net: rename local_df to ignore_df 2014-05-12 14:03:41 -04:00
ip_fragment.c inet: frags: use kmem_cache for inet_frag_queue 2014-08-02 15:31:31 -07:00
ip_gre.c gre: allow changing mac address when device is up 2014-06-10 22:46:42 -07:00
ip_input.c
ip_options.c ipv4: fix buffer overflow in ip_options_compile() 2014-07-21 20:16:26 -07:00
ip_output.c net-timestamp: add key to disambiguate concurrent datagrams 2014-08-05 16:35:54 -07:00
ip_sockglue.c ipv4: clean up cast warning in do_ip_getsockopt 2014-07-29 16:31:16 -07:00
ip_tunnel.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2014-08-05 18:46:26 -07:00
ip_tunnel_core.c net: Support for multiple checksums with gso 2014-06-04 22:46:38 -07:00
ip_vti.c vti: Simplify error handling in module init and exit 2014-06-26 08:21:57 +02:00
ipcomp.c
ipconfig.c ipconfig: Only bootp paths should reference ic_dev_xid. 2014-07-09 22:25:18 -07:00
ipip.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2014-06-11 16:02:55 -07:00
ipmr.c net: set name_assign_type in alloc_netdev() 2014-07-15 16:12:48 -07:00
Kconfig udp: Add udp_sock_create for UDP tunnels to open listener socket 2014-07-14 16:12:15 -07:00
Makefile udp: Add udp_sock_create for UDP tunnels to open listener socket 2014-07-14 16:12:15 -07:00
netfilter.c
ping.c net: use inet6_iif instead of IP6CB()->iif 2014-07-31 22:37:06 -07:00
proc.c inet: frag: don't account number of fragment queues 2014-07-27 22:34:36 -07:00
protocol.c
raw.c ipv4: Make IP_MULTICAST_ALL and IP_MSFILTER work on raw sockets 2014-07-23 15:13:26 -07:00
route.c xfrm: Generate blackhole routes only from route lookup functions 2014-09-16 10:08:40 +02:00
syncookies.c tcp: cookie_v4_init_sequence: skb should be const 2014-06-27 15:53:35 -07:00
sysctl_net_ipv4.c ipv4: make ip_local_reserved_ports per netns 2014-05-14 15:31:45 -04:00
tcp.c tcp: don't use timestamp from repaired skb-s to calculate RTT (v2) 2014-08-14 14:38:54 -07:00
tcp_bic.c tcp: remove in_flight parameter from cong_avoid() methods 2014-05-03 19:23:07 -04:00
tcp_cong.c tcp: remove in_flight parameter from cong_avoid() methods 2014-05-03 19:23:07 -04:00
tcp_cubic.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2014-05-12 13:19:14 -04:00
tcp_diag.c
tcp_fastopen.c tcp: remove unnecessary tcp_sk assignment. 2014-06-16 21:35:00 -07:00
tcp_highspeed.c tcp: remove in_flight parameter from cong_avoid() methods 2014-05-03 19:23:07 -04:00
tcp_htcp.c tcp: remove in_flight parameter from cong_avoid() methods 2014-05-03 19:23:07 -04:00
tcp_hybla.c tcp: remove in_flight parameter from cong_avoid() methods 2014-05-03 19:23:07 -04:00
tcp_illinois.c tcp: remove in_flight parameter from cong_avoid() methods 2014-05-03 19:23:07 -04:00
tcp_input.c tcp: fix ssthresh and undo for consecutive short FRTO episodes 2014-08-14 14:38:55 -07:00
tcp_ipv4.c tcp: fix tcp_release_cb() to dispatch via address family for mtu_reduced() 2014-08-14 14:38:54 -07:00
tcp_lp.c tcp: remove in_flight parameter from cong_avoid() methods 2014-05-03 19:23:07 -04:00
tcp_memcontrol.c cgroup: replace cgroup_add_cftypes() with cgroup_add_legacy_cftypes() 2014-07-15 11:05:09 -04:00
tcp_metrics.c tcp: don't allow syn packets without timestamps to pass tcp_tw_recycle logic 2014-08-14 14:38:54 -07:00
tcp_minisocks.c inet: move ipv6only in sock_common 2014-07-01 23:46:21 -07:00
tcp_offload.c net-timestamp: cumulative tcp timestamping fixes 2014-08-06 14:09:01 -07:00
tcp_output.c tcp: fix tcp_release_cb() to dispatch via address family for mtu_reduced() 2014-08-14 14:38:54 -07:00
tcp_probe.c
tcp_scalable.c tcp: remove in_flight parameter from cong_avoid() methods 2014-05-03 19:23:07 -04:00
tcp_timer.c tcp: reduce spurious retransmits due to transient SACK reneging 2014-08-05 16:29:33 -07:00
tcp_vegas.c tcp: Fix integer-overflow in TCP vegas 2014-07-30 17:31:06 -07:00
tcp_vegas.h
tcp_veno.c tcp: Fix integer-overflows in TCP veno 2014-07-30 17:31:06 -07:00
tcp_westwood.c
tcp_yeah.c tcp: remove in_flight parameter from cong_avoid() methods 2014-05-03 19:23:07 -04:00
tunnel4.c
udp.c sock: remove skb argument from sk_rcvqueues_full 2014-07-23 13:23:06 -07:00
udp_diag.c
udp_impl.h
udp_offload.c net/udp_offload: Use IS_ERR_OR_NULL 2014-07-29 15:31:56 -07:00
udp_tunnel.c udp: Add udp_sock_create for UDP tunnels to open listener socket 2014-07-14 16:12:15 -07:00
udplite.c net: Eliminate no_check from protosw 2014-05-23 16:28:53 -04:00
xfrm4_input.c
xfrm4_mode_beet.c
xfrm4_mode_transport.c
xfrm4_mode_tunnel.c inetpeer: get rid of ip_id_count 2014-06-02 11:00:41 -07:00
xfrm4_output.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2014-05-24 00:32:30 -04:00
xfrm4_policy.c xfrm: Introduce xfrm_input_afinfo to access the the callbacks properly 2014-03-14 07:28:07 +01:00
xfrm4_protocol.c xfrm4: Remove duplicate semicolon 2014-06-30 07:49:47 +02:00
xfrm4_state.c
xfrm4_tunnel.c