linux/net
David S. Miller 9b78a82c1c [IPSEC]: Fix policy updates missed by sockets
The problem is that when new policies are inserted, sockets do not see
the update (but all new route lookups do).

This bug is related to the SA insertion stale route issue solved
recently, and this policy visibility problem can be fixed in a similar
way.

The fix is to flush out the bundles of all policies deeper than the
policy being inserted.  Consider beginning state of "outgoing"
direction policy list:

	policy A --> policy B --> policy C --> policy D

First, realize that inserting a policy into a list only potentially
changes IPSEC routes for that direction.  Therefore we need not bother
considering the policies for other directions.  We need only consider
the existing policies in the list we are doing the inserting.

Consider new policy "B'", inserted after B.

	policy A --> policy B --> policy B' --> policy C --> policy D

Two rules:

1) If policy A or policy B matched before the insertion, they
   appear before B' and thus would still match after inserting
   B'

2) Policy C and D, now "shadowed" and after policy B', potentially
   contain stale routes because policy B' might be selected
   instead of them.

Therefore we only need flush routes associated with policies
appearing after a newly inserted policy, if any.

Signed-off-by: David S. Miller <davem@davemloft.net>
2005-12-22 07:39:48 -08:00
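
The flush rule from the commit message above, as an added user-space model (not the kernel's xfrm code and not part of the commit). The `struct policy` layout, the priority ordering, `policy_insert()` and `demo_insert_b_prime()` are hypothetical names and assumptions made for illustration, and the sample list is constructed.

```c
#include <stdio.h>

/* Simplified model (not kernel code): one direction's policy list, where
 * cached_bundles stands in for the routes cached under each policy. */
struct policy {
    const char *name;
    int priority;            /* assumption: lower value sorts earlier */
    int cached_bundles;
    struct policy *next;
};

/* Insert pol in order, then drop the bundles of every policy that now sits
 * after it. Returns the number of policies whose bundles were flushed. */
int policy_insert(struct policy **head, struct policy *pol)
{
    struct policy **pp = head;
    int flushed = 0;
    /* Rule 1: everything at or before the insertion point is left alone. */
    while (*pp && (*pp)->priority <= pol->priority)
        pp = &(*pp)->next;
    pol->next = *pp;
    *pp = pol;
    /* Rule 2: policies after pol are now shadowed and may hold stale routes. */
    for (struct policy *p = pol->next; p; p = p->next)
        if (p->cached_bundles > 0) {
            p->cached_bundles = 0;
            flushed++;
        }
    return flushed;
}

/* Constructed sample: A -> B -> C -> D, two cached bundles each, then B'
 * is inserted after B. Fills out[] with the counts in list order. */
int demo_insert_b_prime(int out[5])
{
    struct policy d = { "D", 40, 2, NULL }, c = { "C", 30, 2, &d };
    struct policy b = { "B", 20, 2, &c }, a = { "A", 10, 2, &b };
    struct policy b2 = { "B'", 20, 0, NULL };
    struct policy *head = &a;
    int i = 0, flushed = policy_insert(&head, &b2);

    for (struct policy *p = head; p; p = p->next)
        out[i++] = p->cached_bundles;
    return flushed;
}

int main(void)
{
    int out[5], n = demo_insert_b_prime(out);
    printf("flushed=%d bundles=%d %d %d %d %d\n", n, out[0], out[1], out[2], out[3], out[4]);
    return 0;
}
```
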
802 [NET]: kfree cleanup 2005-11-08 09:41:34 -08:00
8021q [VLAN]: Add two missing checks to vlan_ioctl_handler() 2005-12-21 18:39:49 -08:00
appletalk [APPLETALK]: Fix broadcast bug. 2005-09-27 16:11:29 -07:00
atm [ATM]: deregistration removes device from atm_devs list immediately 2005-11-29 16:16:41 -08:00
ax25 [NET]: kfree cleanup 2005-11-08 09:41:34 -08:00
bluetooth [Bluetooth]: Remove the usage of /proc completely 2005-11-08 09:57:38 -08:00
bridge [BRIDGE-NF]: Fix bridge-nf ipv6 length check 2005-12-19 14:00:08 -08:00
core [NET]: Fix NULL pointer deref in checksum debugging. 2005-12-08 15:21:39 -08:00
dccp [DCCP]: Comment typo 2005-12-21 19:02:39 -08:00
decnet [DECNET]: add memory buffer settings 2005-12-05 13:42:06 -08:00
econet [IPV4]: Replace __in_dev_get with __in_dev_get_rcu/rtnl 2005-10-03 14:35:55 -07:00
ethernet [NET]: kfree cleanup 2005-11-08 09:41:34 -08:00
ieee80211 [PATCH] ieee80211_crypt_tkip depends on NET_RADIO 2005-12-12 23:59:28 -05:00
ipv4 [XFRM]: Handle DCCP in xfrm{4,6}_decode_session 2005-12-19 14:03:46 -08:00
ipv6 [IPV6]: Fix address deletion 2005-12-21 18:47:24 -08:00
ipx [NET]: Fix sparse warnings 2005-08-29 16:01:32 -07:00
irda [NET]: kfree cleanup 2005-11-08 09:41:34 -08:00
key [PATCH] gfp flags annotations - part 1 2005-10-08 15:00:57 -07:00
lapb [NET]: Kill skb->list 2005-08-29 15:31:14 -07:00
llc [LLC]: Fix compiler warnings introduced by TX window scaling changes. 2005-11-17 15:17:42 -08:00
netfilter [NETFILTER]: Wait for untracked references in nf_conntrack module unload 2005-12-05 13:36:50 -08:00
netlink [NETLINK]: Use tgid instead of pid for nlmsg_pid 2005-11-22 14:41:50 -08:00
netrom [NETROM]: Fix three if-statements in nr_state1_machine() 2005-12-21 18:38:26 -08:00
packet [AF_PACKET]: Convert PACKET_MMAP over to vm_insert_page(). 2005-12-06 16:38:35 -08:00
rose [NET]: kfree cleanup 2005-11-08 09:41:34 -08:00
rxrpc [NET]: Detect hardware rx checksum faults correctly 2005-11-10 13:01:24 -08:00
sched [PKT_SCHED]: Disable debug tracing logs by default in packet action API. 2005-12-13 22:59:50 -08:00
sctp [SCTP]: Fix sctp to not return erroneous POLLOUT events. 2005-12-19 14:24:40 -08:00
sunrpc SUNRPC: Fix "EPIPE" error on mount of rpcsec_gss-protected partitions 2005-12-19 23:12:21 -05:00
unix [PATCH] add a vfs_permission helper 2005-11-09 07:55:58 -08:00
wanrouter [NET]: kfree cleanup 2005-11-08 09:41:34 -08:00
x25 [TCP]: Move the tcp sock states to net/tcp_states.h 2005-08-29 15:41:54 -07:00
xfrm [IPSEC]: Fix policy updates missed by sockets 2005-12-22 07:39:48 -08:00
Kconfig [NETFILTER] move nfnetlink options to right location in kconfig menu 2005-09-17 00:41:21 -07:00
Makefile [NETFILTER]: link 'netfilter' before ipv4 2005-11-14 15:25:59 -08:00
TUNABLE Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
compat.c [PATCH] Fix 32bit sendmsg() flaw 2005-09-08 08:14:11 -07:00
nonet.c Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
socket.c [NET]: Fix module reference counts for loadable protocol modules 2005-09-27 15:23:38 -07:00
sysctl_net.c [NET]: Fix "sysctl_net.c:36: error: 'core_table' undeclared here" 2005-10-03 14:16:34 -07:00