summaryrefslogtreecommitdiffstats
path: root/net/llc
diff options
context:
space:
mode:
authorDavid S. Miller <davem@sunset.davemloft.net>2006-08-13 18:55:53 -0700
committerDavid S. Miller <davem@sunset.davemloft.net>2006-08-13 18:55:53 -0700
commitd49c73c729e2ef644558a1f441c044bfacdc9744 (patch)
treedb35cd20d57fe5d9a7fcac5f40539902b6abbdf9 /net/llc
parent1c7628bd7a458faf7c96ef521f6d3a5ea9b106b8 (diff)
downloadlinux-d49c73c729e2ef644558a1f441c044bfacdc9744.tar.gz
linux-d49c73c729e2ef644558a1f441c044bfacdc9744.tar.bz2
linux-d49c73c729e2ef644558a1f441c044bfacdc9744.zip
[IPSEC]: Validate properly in xfrm_dst_check()
If dst->obsolete is -1, this is a signal from the bundle creator that we want the XFRM dst and the dsts that it references to be validated on every use. I misunderstood this intention when I changed xfrm_dst_check() to always return NULL. Now, when we purge a dst entry, by running dst_free() on it. This will set the dst->obsolete to a positive integer, and we want to return NULL in that case so that the socket does a relookup for the route. Thus, if dst->obsolete<0, let stale_bundle() validate the state, else always return NULL. In general, we need to do things more intelligently here because we flush too much state during rule changes. Herbert Xu has some ideas wherein the key manager gives us some help in this area. We can also use smarter state management algorithms inside of the kernel as well. Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/llc')
0 files changed, 0 insertions, 0 deletions