diff options
| author | David S. Miller <davem@davemloft.net> | 2017-11-01 19:27:46 +0900 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2017-11-01 19:27:46 +0900 |
| commit | 122f00cdc1bb27cb0ff4b0a8cffa3bb27f61f949 (patch) | |
| tree | d4ee44d28cf00a6a355f7f6eba870a3d1acaafcd | |
| parent | 62b0e9243fca257217ef72f383bd38ed5a542b5e (diff) | |
| parent | 73b9fc49b4c0116a04eda3979f64ed9b540b153c (diff) | |
Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec
Steffen Klassert says:
====================
pull request (net): ipsec 2017-11-01
1) Fix a memleak when a packet matches a policy
without a matching state.
2) Reset the socket cached dst_entry when inserting
a socket policy, otherwise the policy might be
ignored. From Jonathan Basseri.
3) Fix GSO for a IPsec, GRE tunnel combination.
We reset the encapsulation field at the skb
too erly, as a result GRE does not segment
GSO packets. Fix this by resetting the the
encapsulation field right before the
transformation where the inner headers get
invalid.
Please pull or let me know if there are problems.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
| -rw-r--r-- | net/xfrm/xfrm_output.c | 4 | ||||
| -rw-r--r-- | net/xfrm/xfrm_policy.c | 1 | ||||
| -rw-r--r-- | net/xfrm/xfrm_state.c | 1 |
3 files changed, 4 insertions, 2 deletions
diff --git a/net/xfrm/xfrm_output.c b/net/xfrm/xfrm_output.c index 31a2e6d34dba..73ad8c8ef344 100644 --- a/net/xfrm/xfrm_output.c +++ b/net/xfrm/xfrm_output.c @@ -105,6 +105,9 @@ static int xfrm_output_one(struct sk_buff *skb, int err) if (xfrm_offload(skb)) { x->type_offload->encap(x, skb); } else { + /* Inner headers are invalid now. */ + skb->encapsulation = 0; + err = x->type->output(x, skb); if (err == -EINPROGRESS) goto out; @@ -208,7 +211,6 @@ int xfrm_output(struct sock *sk, struct sk_buff *skb) int err; secpath_reset(skb); - skb->encapsulation = 0; if (xfrm_dev_offload_ok(skb, x)) { struct sec_path *sp; diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c index 2746b62a8944..8cafb3c0a4ac 100644 --- a/net/xfrm/xfrm_policy.c +++ b/net/xfrm/xfrm_policy.c @@ -2076,7 +2076,6 @@ make_dummy_bundle: xdst->num_xfrms = num_xfrms; memcpy(xdst->pols, pols, sizeof(struct xfrm_policy *) * num_pols); - dst_hold(&xdst->u.dst); return xdst; inc_error: diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c index 12213477cd3a..1f5cee2269af 100644 --- a/net/xfrm/xfrm_state.c +++ b/net/xfrm/xfrm_state.c @@ -2069,6 +2069,7 @@ int xfrm_user_policy(struct sock *sk, int optname, u8 __user *optval, int optlen if (err >= 0) { xfrm_sk_policy_insert(sk, err, pol); xfrm_pol_put(pol); + __sk_dst_reset(sk); err = 0; } |