summaryrefslogtreecommitdiff
path: root/net
diff options
context:
space:
mode:
Diffstat (limited to 'net')
-rw-r--r--net/8021q/vlan.c2
-rw-r--r--net/core/dev.c6
-rw-r--r--net/ipv4/devinet.c3
-rw-r--r--net/ipv4/esp4.c5
-rw-r--r--net/ipv6/esp6.c6
-rw-r--r--net/ipv6/xfrm6_policy.c2
-rw-r--r--net/xfrm/xfrm_policy.c9
7 files changed, 22 insertions, 11 deletions
diff --git a/net/8021q/vlan.c b/net/8021q/vlan.c
index 5b18315..4add9bd 100644
--- a/net/8021q/vlan.c
+++ b/net/8021q/vlan.c
@@ -124,8 +124,8 @@ static void __exit vlan_cleanup_module(void)
{
int i;
- vlan_netlink_fini();
vlan_ioctl_set(NULL);
+ vlan_netlink_fini();
/* Un-register us from receiving netdevice events */
unregister_netdevice_notifier(&vlan_notifier_block);
diff --git a/net/core/dev.c b/net/core/dev.c
index 86d6261..26a3a3a 100644
--- a/net/core/dev.c
+++ b/net/core/dev.c
@@ -3972,8 +3972,7 @@ void synchronize_net(void)
* @dev: device
*
* This function shuts down a device interface and removes it
- * from the kernel tables. On success 0 is returned, on a failure
- * a negative errno code is returned.
+ * from the kernel tables.
*
* Callers must hold the rtnl semaphore. You may want
* unregister_netdev() instead of this.
@@ -3991,8 +3990,7 @@ void unregister_netdevice(struct net_device *dev)
* @dev: device
*
* This function shuts down a device interface and removes it
- * from the kernel tables. On success 0 is returned, on a failure
- * a negative errno code is returned.
+ * from the kernel tables.
*
* This is just a wrapper for unregister_netdevice that takes
* the rtnl semaphore. In general you want to use this and not
diff --git a/net/ipv4/devinet.c b/net/ipv4/devinet.c
index 55d199e..3168c3d 100644
--- a/net/ipv4/devinet.c
+++ b/net/ipv4/devinet.c
@@ -516,8 +516,6 @@ static struct in_ifaddr *rtm_to_ifaddr(struct nlmsghdr *nlh)
goto errout;
}
- ipv4_devconf_setall(in_dev);
-
ifa = inet_alloc_ifa();
if (ifa == NULL) {
/*
@@ -528,6 +526,7 @@ static struct in_ifaddr *rtm_to_ifaddr(struct nlmsghdr *nlh)
goto errout;
}
+ ipv4_devconf_setall(in_dev);
in_dev_hold(in_dev);
if (tb[IFA_ADDRESS] == NULL)
diff --git a/net/ipv4/esp4.c b/net/ipv4/esp4.c
index c31bccb..1738113 100644
--- a/net/ipv4/esp4.c
+++ b/net/ipv4/esp4.c
@@ -9,6 +9,7 @@
#include <linux/pfkeyv2.h>
#include <linux/random.h>
#include <linux/spinlock.h>
+#include <linux/in6.h>
#include <net/icmp.h>
#include <net/protocol.h>
#include <net/udp.h>
@@ -224,6 +225,10 @@ static int esp_input(struct xfrm_state *x, struct sk_buff *skb)
/* ... check padding bits here. Silly. :-) */
+ /* RFC4303: Drop dummy packets without any error */
+ if (nexthdr[1] == IPPROTO_NONE)
+ goto out;
+
iph = ip_hdr(skb);
ihl = iph->ihl * 4;
diff --git a/net/ipv6/esp6.c b/net/ipv6/esp6.c
index 7db66f1..4440532 100644
--- a/net/ipv6/esp6.c
+++ b/net/ipv6/esp6.c
@@ -230,6 +230,12 @@ static int esp6_input(struct xfrm_state *x, struct sk_buff *skb)
}
/* ... check padding bits here. Silly. :-) */
+ /* RFC4303: Drop dummy packets without any error */
+ if (nexthdr[1] == IPPROTO_NONE) {
+ ret = -EINVAL;
+ goto out;
+ }
+
pskb_trim(skb, skb->len - alen - padlen - 2);
ret = nexthdr[1];
}
diff --git a/net/ipv6/xfrm6_policy.c b/net/ipv6/xfrm6_policy.c
index 82e27b8..b8e9eb4 100644
--- a/net/ipv6/xfrm6_policy.c
+++ b/net/ipv6/xfrm6_policy.c
@@ -233,7 +233,7 @@ __xfrm6_bundle_create(struct xfrm_policy *policy, struct xfrm_state **xfrm, int
dst_prev->output = dst_prev->xfrm->outer_mode->afinfo->output;
/* Sheit... I remember I did this right. Apparently,
* it was magically lost, so this code needs audit */
- x->u.rt6.rt6i_flags = rt0->rt6i_flags&(RTCF_BROADCAST|RTCF_MULTICAST|RTCF_LOCAL);
+ x->u.rt6.rt6i_flags = rt0->rt6i_flags&(RTF_ANYCAST|RTF_LOCAL);
x->u.rt6.rt6i_metric = rt0->rt6i_metric;
x->u.rt6.rt6i_node = rt0->rt6i_node;
x->u.rt6.rt6i_gateway = rt0->rt6i_gateway;
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
index 9a4cf2e..b91b166 100644
--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -1318,8 +1318,9 @@ restart:
if (sk && sk->sk_policy[XFRM_POLICY_OUT]) {
policy = xfrm_sk_policy_lookup(sk, XFRM_POLICY_OUT, fl);
+ err = PTR_ERR(policy);
if (IS_ERR(policy))
- return PTR_ERR(policy);
+ goto dropdst;
}
if (!policy) {
@@ -1330,8 +1331,9 @@ restart:
policy = flow_cache_lookup(fl, dst_orig->ops->family,
dir, xfrm_policy_lookup);
+ err = PTR_ERR(policy);
if (IS_ERR(policy))
- return PTR_ERR(policy);
+ goto dropdst;
}
if (!policy)
@@ -1501,8 +1503,9 @@ restart:
return 0;
error:
- dst_release(dst_orig);
xfrm_pols_put(pols, npols);
+dropdst:
+ dst_release(dst_orig);
*dst_p = NULL;
return err;
}
generated by cgit v0.10.2 at 2024-11-05 13:16:00 (GMT)