linux/net
Martin Willi 6faa620606 xfrm: Honor original L3 slave device in xfrmi policy lookup
[ Upstream commit 025c65e119 ]

If an xfrmi is associated to a vrf layer 3 master device,
xfrm_policy_check() fails after traffic decapsulation. The input
interface is replaced by the layer 3 master device, and hence
xfrmi_decode_session() can't match the xfrmi anymore to satisfy
policy checking.

Extend ingress xfrmi lookup to honor the original layer 3 slave
device, allowing xfrm interfaces to operate within a vrf domain.

Fixes: f203b76d78 ("xfrm: Add virtual xfrm interfaces")
Signed-off-by: Martin Willi <martin@strongswan.org>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2019-05-25 18:23:41 +02:00
6lowpan
9p 9p: do not trust pdu content for stat item size 2019-04-20 09:16:00 +02:00
802
8021q vlan: disable SIOCSHWTSTAMP in container 2019-05-16 19:41:30 +02:00
appletalk appletalk: Fix use-after-free in atalk_proc_exit 2019-04-20 09:16:05 +02:00
atm net: atm: Fix potential Spectre v1 vulnerabilities 2019-04-27 09:36:30 +02:00
ax25
batman-adv batman-adv: fix warning in function batadv_v_elp_get_throughput 2019-05-08 07:21:46 +02:00
bluetooth Bluetooth: Align minimum encryption key size for LE and BR/EDR connections 2019-05-10 17:54:11 +02:00
bpf
bpfilter
bridge bridge: Fix error path for kobject_init_and_add() 2019-05-16 19:41:29 +02:00
caif
can
ceph
core rtnetlink: always put IFLA_LINK for links with a link-netnsid 2019-05-25 18:23:21 +02:00
dcb
dccp
decnet
dns_resolver
dsa net: dsa: Fix error cleanup path in dsa_init_module 2019-05-16 19:41:29 +02:00
ethernet
hsr
ieee802154
ife
ipv4 esp4: add length check for UDP encapsulation 2019-05-25 18:23:41 +02:00
ipv6 xfrm: clean up xfrm protocol checks 2019-05-25 18:23:41 +02:00
iucv
kcm kcm: switch order of device registration to fix a crash 2019-04-17 08:38:40 +02:00
key xfrm: clean up xfrm protocol checks 2019-05-25 18:23:41 +02:00
l2tp l2tp: use rcu_dereference_sk_user_data() in l2tp_udp_encap_recv() 2019-05-05 14:42:37 +02:00
l3mdev
lapb
llc
mac80211 mac80211: fix memory accounting with A-MSDU aggregation 2019-05-16 19:41:20 +02:00
mac802154
mpls
ncsi
netfilter netfilter: nf_tables: add missing ->release_ops() in error path of newrule() 2019-05-16 19:41:26 +02:00
netlabel
netlink
netrom net: netrom: Fix error cleanup path of nr_proto_init 2019-05-02 09:58:57 +02:00
nfc NFC: nci: Add some bounds checking in nci_hci_cmd_received() 2019-05-16 19:41:27 +02:00
nsh
openvswitch openvswitch: fix flow actions reallocation 2019-04-17 08:38:41 +02:00
packet packet: Fix error path in packet_init 2019-05-16 19:41:30 +02:00
phonet
psample
qrtr
rds net: rds: exchange of 8K and 1M pool 2019-05-02 09:59:00 +02:00
rfkill
rose net/rose: fix unbound loop in rose_loopback_timer() 2019-05-02 09:59:00 +02:00
rxrpc rxrpc: Fix net namespace cleanup 2019-05-05 14:42:38 +02:00
sched sch_cake: Simplify logic in cake_select_tin() 2019-04-27 09:36:32 +02:00
sctp sctp: avoid running the sctp state machine recursively 2019-05-05 14:42:39 +02:00
smc
strparser net: strparser: partially revert "strparser: Call skb_unclone conditionally" 2019-05-16 19:41:27 +02:00
sunrpc sunrpc: don't mark uninitialised items as VALID. 2019-05-02 09:58:55 +02:00
switchdev
tipc tipc: fix modprobe tipc failed after switch order of device registration 2019-05-25 18:23:22 +02:00
tls net/tls: fix the IV leaks 2019-05-16 19:41:27 +02:00
unix
vmw_vsock vsock/virtio: Initialize core virtio vsock before registering the driver 2019-05-25 18:23:22 +02:00
wimax
wireless nl80211: Add NL80211_FLAG_CLEAR_SKB flag for other NL commands 2019-05-16 19:41:20 +02:00
x25
xdp xsk: fix umem memory leak on cleanup 2019-05-04 09:20:12 +02:00
xfrm xfrm: Honor original L3 slave device in xfrmi policy lookup 2019-05-25 18:23:41 +02:00
compat.c
Kconfig
Makefile
socket.c
sysctl_net.c