linux_dsm_epyc7002/net/xfrm
Steffen Klassert 43a4dea4c9 xfrm: Assign the inner mode output function to the dst entry
As it is, we assign the outer modes output function to the dst entry
when we create the xfrm bundle. This leads to two problems on interfamily
scenarios. We might insert ipv4 packets into ip6_fragment when called
from xfrm6_output. The system crashes if we try to fragment an ipv4
packet with ip6_fragment. This issue was introduced with git commit
ad0081e4 (ipv6: Fragment locally generated tunnel-mode IPSec6 packets
as needed). The second issue is, that we might insert ipv4 packets in
netfilter6 and vice versa on interfamily scenarios.

With this patch we assign the inner mode output function to the dst entry
when we create the xfrm bundle. So xfrm4_output/xfrm6_output from the inner
mode is used and the right fragmentation and netfilter functions are called.
We switch then to outer mode with the output_finish functions.

Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-05-10 15:03:34 -07:00
..
Kconfig ipsec: ipcomp - Merge IPComp implementations 2008-07-25 02:54:40 -07:00
Makefile xfrm: Move IPsec replay detection functions to a separate file 2011-03-13 20:22:30 -07:00
xfrm_algo.c xfrm: Pass name as const to xfrm_*_get_byname(). 2011-02-27 23:04:45 -08:00
xfrm_hash.c net: allow GFP_HIGHMEM in __vmalloc() 2010-11-21 10:04:04 -08:00
xfrm_hash.h xfrm: Const'ify address args to hash helpers. 2011-02-23 23:07:42 -08:00
xfrm_input.c xfrm: Move the test on replay window size into the replay check functions 2011-03-28 23:34:51 -07:00
xfrm_ipcomp.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
xfrm_output.c dst: Clone child entry in skb_dst_pop 2011-03-27 17:55:01 -07:00
xfrm_policy.c xfrm: Assign the inner mode output function to the dst entry 2011-05-10 15:03:34 -07:00
xfrm_proc.c xfrm: Introduce LINUX_MIB_XFRMFWDHDRERROR 2010-02-18 15:43:09 -08:00
xfrm_replay.c xfrm: Fix replay window size calculation on initialization 2011-04-26 12:46:03 -07:00
xfrm_state.c xfrm: Assign esn pointers when cloning a state 2011-03-28 23:34:52 -07:00
xfrm_sysctl.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
xfrm_user.c xfrm: Check for the new replay implementation if an esn state is inserted 2011-04-26 12:46:04 -07:00