diff options
| author | Cong Wang <[email protected]> | 2019-03-22 16:26:19 -0700 |
|---|---|---|
| committer | Steffen Klassert <[email protected]> | 2019-03-26 08:35:36 +0100 |
| commit | dbb2483b2a46fbaf833cfb5deb5ed9cace9c7399 (patch) | |
| tree | c6e1c958e3d59c14e1c3b6d1dfa3a95df4a6d8e0 /tools/perf/scripts/python/exported-sql-viewer.py | |
| parent | 01ce31c57b3f07c91c9d45bbaf126124cce83a5d (diff) | |
xfrm: clean up xfrm protocol checks
In commit 6a53b7593233 ("xfrm: check id proto in validate_tmpl()")
I introduced a check for xfrm protocol, but according to Herbert
IPSEC_PROTO_ANY should only be used as a wildcard for lookup, so
it should be removed from validate_tmpl().
And, IPSEC_PROTO_ANY is expected to only match 3 IPSec-specific
protocols, this is why xfrm_state_flush() could still miss
IPPROTO_ROUTING, which leads that those entries are left in
net->xfrm.state_all before exit net. Fix this by replacing
IPSEC_PROTO_ANY with zero.
This patch also extracts the check from validate_tmpl() to
xfrm_id_proto_valid() and uses it in parse_ipsecrequest().
With this, no other protocols should be added into xfrm.
Fixes: 6a53b7593233 ("xfrm: check id proto in validate_tmpl()")
Reported-by: [email protected]
Cc: Steffen Klassert <[email protected]>
Cc: Herbert Xu <[email protected]>
Signed-off-by: Cong Wang <[email protected]>
Acked-by: Herbert Xu <[email protected]>
Signed-off-by: Steffen Klassert <[email protected]>
Diffstat (limited to 'tools/perf/scripts/python/exported-sql-viewer.py')
0 files changed, 0 insertions, 0 deletions