kernel_optimize_test/net/ipv6
Steffen Klassert f92ee61982 xfrm: Generate blackhole routes only from route lookup functions
Currently we genarate a blackhole route route whenever we have
matching policies but can not resolve the states. Here we assume
that dst_output() is called to kill the balckholed packets.
Unfortunately this assumption is not true in all cases, so
it is possible that these packets leave the system unwanted.

We fix this by generating blackhole routes only from the
route lookup functions, here we can guarantee a call to
dst_output() afterwards.

Fixes: 2774c131b1 ("xfrm: Handle blackhole route creation via afinfo.")
Reported-by: Konstantinos Kolelis <k.kolelis@sirrix.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
2014-09-16 10:08:40 +02:00
..
netfilter netfilter: fix missing dependencies in NETFILTER_XT_TARGET_LOG 2014-09-02 13:59:54 -07:00
addrconf_core.c
addrconf.c ipv6: clean up anycast when an interface is destroyed 2014-09-12 17:33:06 -04:00
addrlabel.c list: fix order of arguments for hlist_add_after(_rcu) 2014-08-06 18:01:24 -07:00
af_inet6.c
ah6.c
anycast.c ipv6: clean up anycast when an interface is destroyed 2014-09-12 17:33:06 -04:00
datagram.c
esp6.c
exthdrs_core.c
exthdrs_offload.c
exthdrs.c
fib6_rules.c
icmp.c net: fix the counter ICMP_MIB_INERRORS/ICMP6_MIB_INERRORS 2014-07-31 22:04:18 -07:00
inet6_connection_sock.c
inet6_hashtables.c
ip6_checksum.c
ip6_fib.c net: ipv6: fib: don't sleep inside atomic lock 2014-08-22 10:54:49 -07:00
ip6_flowlabel.c
ip6_gre.c
ip6_icmp.c
ip6_input.c
ip6_offload.c
ip6_offload.h
ip6_output.c xfrm: Generate blackhole routes only from route lookup functions 2014-09-16 10:08:40 +02:00
ip6_tunnel.c
ip6_vti.c Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next 2014-07-30 20:05:54 -07:00
ip6mr.c
ipcomp6.c
ipv6_sockglue.c ipv6: remove unnecessary break after return 2014-07-15 16:27:01 -07:00
Kconfig
Makefile
mcast.c ipv6: fix rtnl locking in setsockopt for anycast and multicast 2014-09-05 11:52:28 -07:00
mip6.c
ndisc.c neigh: remove exceptional & on function name 2014-07-24 23:23:31 -07:00
netfilter.c
output_core.c
ping.c
proc.c inet: frag: don't account number of fragment queues 2014-07-27 22:34:36 -07:00
protocol.c
raw.c net: use inet6_iif instead of IP6CB()->iif 2014-07-31 22:37:06 -07:00
reassembly.c inet: frags: use kmem_cache for inet_frag_queue 2014-08-02 15:31:31 -07:00
route.c
sit.c sit: Fix ipip6_tunnel_lookup device matching criteria 2014-08-14 14:38:54 -07:00
syncookies.c
sysctl_net_ipv6.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2014-08-05 18:46:26 -07:00
tcp_ipv6.c tcp: fix tcp_release_cb() to dispatch via address family for mtu_reduced() 2014-08-14 14:38:54 -07:00
tcpv6_offload.c net-gre-gro: Fix a bug that breaks the forwarding path 2014-07-16 14:45:26 -07:00
tunnel6.c
udp_impl.h
udp_offload.c
udp.c net: use inet6_iif instead of IP6CB()->iif 2014-07-31 22:37:06 -07:00
udplite.c
xfrm6_input.c
xfrm6_mode_beet.c
xfrm6_mode_ro.c
xfrm6_mode_transport.c
xfrm6_mode_tunnel.c
xfrm6_output.c
xfrm6_policy.c
xfrm6_protocol.c
xfrm6_state.c
xfrm6_tunnel.c