kevin/linux
1
Fork 0
Code
e53820de0f
linux/include/net
History
Masahide NAKAMURA e53820de0f [XFRM] IPV6: Restrict bundle reusing 
For outbound transformation, bundle is checked whether it is
suitable for current flow to be reused or not. In such IPv6 case
as below, transformation may apply incorrect bundle for the flow instead
of creating another bundle:

- The policy selector has destination prefix length < 128
  (Two or more addresses can be matched it)
- Its bundle holds dst entry of default route whose prefix length < 128
  (Previous traffic was used such route as next hop)
- The policy and the bundle were used a transport mode state and
  this time flow address is not matched the bundled state.

This issue is found by Mobile IPv6 usage to protect mobility signaling
by IPsec, but it is not a Mobile IPv6 specific.
This patch adds strict check to xfrm_bundle_ok() for each
state mode and address when prefix length is less than 128.

Signed-off-by: Masahide NAKAMURA <nakam@linux-ipv6.org>
Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-09-22 15:06:44 -07:00
..
bluetooth [Bluetooth] Use real devices for host controllers 2006-07-03 19:54:02 -07:00
irda [PATCH] irq-flags: drivers/net: Use the new IRQF_ constants 2006-07-02 13:58:51 -07:00
netfilter Merge git://git.infradead.org/hdrcleanup-2.6 2006-06-20 15:10:08 -07:00
sctp [SCTP]: Remove multiple levels of msecs to jiffies conversions. 2006-09-22 14:55:39 -07:00
tc_act [PKT_SCHED]: Kill pkt_act.h inlining. 2006-09-22 14:55:10 -07:00
tipc [TIPC]: Corrected potential misuse of tipc_media_addr structure. 2006-06-25 23:38:29 -07:00
act_api.h [PKT_SCHED]: Kill pkt_act.h inlining. 2006-09-22 14:55:10 -07:00
addrconf.h Don't include linux/config.h from anywhere else in include/ 2006-04-26 12:56:16 +01:00
af_unix.h [AF_UNIX]: Kernel memory leak fix for af_unix datagram getpeersec patch 2006-08-02 14:12:06 -07:00
ah.h [IPSEC]: Use HMAC template and hash interface 2006-09-21 11:46:18 +10:00
arp.h [IPV4]: Possible cleanups. 2006-04-14 15:00:20 -07:00
atmclip.h
ax25.h [AX.25]: Reference counting for AX.25 routes. 2006-07-03 19:30:18 -07:00
checksum.h
cipso_ipv4.h [NetLabel]: core network changes 2006-09-22 14:53:32 -07:00
compat.h Merge git://git.infradead.org/hdrcleanup-2.6 2006-06-20 15:10:08 -07:00
datalink.h
dn_dev.h [DECnet]: Endian annotation and fixes for DECnet. 2006-03-20 22:42:39 -08:00
dn_fib.h [DECNET]: cleanups 2006-09-22 14:54:40 -07:00
dn_neigh.h [DECnet]: Endian annotation and fixes for DECnet. 2006-03-20 22:42:39 -08:00
dn_nsp.h [DECnet]: Endian annotation and fixes for DECnet. 2006-03-20 22:42:39 -08:00
dn_route.h [DECnet]: Endian annotation and fixes for DECnet. 2006-03-20 22:42:39 -08:00
dn.h [DECnet]: Endian annotation and fixes for DECnet. 2006-03-20 22:42:39 -08:00
dsfield.h
dst.h [XFRM] STATE: Support non-fragment outbound transformation headers. 2006-09-22 15:06:41 -07:00
esp.h [IPSEC]: Use HMAC template and hash interface 2006-09-21 11:46:18 +10:00
fib_rules.h [NET]: Introduce RTA_TABLE/FRA_TABLE attributes 2006-09-22 14:54:25 -07:00
flow.h [MLSXFRM]: Flow based matching of xfrm policy and state 2006-09-22 14:53:24 -07:00
gen_stats.h
genetlink.h [NETLINK]: Add notification message sending interface 2006-09-22 14:54:49 -07:00
icmp.h Don't include linux/config.h from anywhere else in include/ 2006-04-26 12:56:16 +01:00
ieee80211_crypt.h
ieee80211_radiotap.h
ieee80211.h [PATCH] wireless: Changes to ieee80211.h for user space regulatory daemon 2006-06-15 15:48:13 -04:00
ieee80211softmac_wx.h [PATCH] softmac: add SIOCSIWMLME 2006-04-24 16:15:58 -04:00
ieee80211softmac.h [PATCH] SoftMAC: Prevent multiple authentication attempts on the same network 2006-07-05 13:42:58 -04:00
if_inet6.h [IPV6]: ADDRCONF: Use our standard algorithm for randomized ifid. 2006-03-20 16:54:09 -08:00
inet6_connection_sock.h
inet6_hashtables.h Don't include linux/config.h from anywhere else in include/ 2006-04-26 12:56:16 +01:00
inet_common.h
inet_connection_sock.h [ICSK] compat: Introduce inet_csk_compat_[gs]etsockopt 2006-03-20 22:46:16 -08:00
inet_ecn.h
inet_hashtables.h [IPV4]: Use network-order dport for all visible inet_lookup_* 2006-09-22 14:54:14 -07:00
inet_sock.h [INET]: Remove is_setbyuser patch 2006-09-22 14:54:10 -07:00
inet_timewait_sock.h Merge git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux-2.6 2006-05-06 19:59:18 +01:00
inetpeer.h
ip6_checksum.h
ip6_fib.h [IPV6] ROUTE: Unify RT6_F_xxx and RT6_SELECT_F_xxx flags 2006-09-22 14:55:56 -07:00
ip6_route.h [IPV6] ROUTE: Unify RT6_F_xxx and RT6_SELECT_F_xxx flags 2006-09-22 14:55:56 -07:00
ip6_tunnel.h
ip_fib.h [IPv4]: Convert route get to new netlink api 2006-09-22 14:55:06 -07:00
ip_mp_alg.h Don't include linux/config.h from anywhere else in include/ 2006-04-26 12:56:16 +01:00
ip_vs.h Don't include linux/config.h from anywhere else in include/ 2006-04-26 12:56:16 +01:00
ip.h Merge git://git.infradead.org/hdrcleanup-2.6 2006-06-20 15:10:08 -07:00
ipcomp.h [CRYPTO] users: Use crypto_comp and crypto_has_* 2006-09-21 11:46:22 +10:00
ipconfig.h
ipip.h
ipv6.h [IPV6]: Audit all ip6_dst_lookup/ip6_dst_store calls 2006-08-02 13:38:14 -07:00
ipx.h
iw_handler.h [PATCH] WE-20 for kernel 2.6.16 2006-03-23 07:12:57 -05:00
lapb.h
llc_c_ac.h
llc_c_ev.h
llc_c_st.h
llc_conn.h
llc_if.h [LLC]: add multicast support for datagrams 2006-06-17 21:26:08 -07:00
llc_pdu.h
llc_s_ac.h
llc_s_ev.h
llc_s_st.h
llc_sap.h
llc.h [LLC]: llc_mac_hdr_init const arguments 2006-03-20 22:59:36 -08:00
ndisc.h Don't include linux/config.h from anywhere else in include/ 2006-04-26 12:56:16 +01:00
neighbour.h [NEIGHBOUR]: Use ALIGN() macro. 2006-09-22 14:54:23 -07:00
netdma.h [NET]: Fix more per-cpu typos 2006-08-02 15:02:31 -07:00
netevent.h [NET]: Network Event Notifier Mechanism. 2006-08-02 13:38:20 -07:00
netlabel.h [NetLabel]: core network changes 2006-09-22 14:53:32 -07:00
netlink.h [IPv4]: FIB configuration using struct fib_config 2006-09-22 14:55:04 -07:00
netrom.h [NETROM]: Eleminate HZ from NET/ROM kernel interfaces 2006-05-03 23:27:47 -07:00
nexthop.h [IPv4]: FIB configuration using struct fib_config 2006-09-22 14:55:04 -07:00
p8022.h
pkt_cls.h
pkt_sched.h [PKT_SCHED]: Fix regression in PSCHED_TADD{,2}. 2006-07-24 12:44:23 -07:00
protocol.h [NET] gso: Fix up GSO packets with broken checksums 2006-07-08 13:34:56 -07:00
psnap.h
raw.h Merge git://git.infradead.org/hdrcleanup-2.6 2006-06-20 15:10:08 -07:00
rawv6.h
red.h [PKT_SCHED] RED: Fix overflow in calculation of queue average 2006-08-04 22:59:51 -07:00
request_sock.h [MLSXFRM]: Auto-labeling of child sockets 2006-09-22 14:53:29 -07:00
rose.h [ROSE]: Eleminate HZ from ROSE kernel interfaces 2006-05-03 23:28:20 -07:00
route.h [MLSXFRM]: Add flow labeling 2006-09-22 14:53:27 -07:00
sch_generic.h Don't include linux/config.h from anywhere else in include/ 2006-04-26 12:56:16 +01:00
scm.h [AF_UNIX]: Kernel memory leak fix for af_unix datagram getpeersec patch 2006-08-02 14:12:06 -07:00
slhc_vj.h
snmp.h [SCTP]: Extend /proc/net/sctp/snmp to provide more statistics. 2006-09-22 14:55:16 -07:00
sock.h [MLSXFRM]: Auto-labeling of child sockets 2006-09-22 14:53:29 -07:00
syncppp.h
tcp_ecn.h [IPV6]: Added GSO support for TCPv6 2006-06-30 14:12:10 -07:00
tcp_states.h
tcp.h [TCP]: SNMPv2 tcpAttemptFails counter error 2006-08-02 13:38:19 -07:00
timewait_sock.h
transp_v6.h
udp.h
x25.h [X25]: allow ITU-T DTE facilities for x25 2006-03-22 00:01:31 -08:00
x25device.h [X25]: Restore skb->dev setting in x25_type_trans(). 2006-04-09 22:37:18 -07:00
xfrm.h [XFRM] IPV6: Restrict bundle reusing 2006-09-22 15:06:44 -07:00