projects / firefly-linux-kernel-4.4.55.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw (from parent 1: a4a1139)
Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec...
authorDavid S. Miller <davem@davemloft.net>
Wed, 26 Jun 2013 20:23:13 +0000 (13:23 -0700)
committerDavid S. Miller <davem@davemloft.net>
Wed, 26 Jun 2013 20:23:13 +0000 (13:23 -0700)
Steffen Klassert says:

====================
Just one patch this time.

1) Drop packets when the matching SA is in larval state and add a
   statistic counter for that. From Fan Du.

Please pull or let me know if there are problems.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
include/uapi/linux/snmp.h patch | blob | history
net/xfrm/xfrm_input.c patch | blob | history
net/xfrm/xfrm_proc.c patch | blob | history

diff --git a/include/uapi/linux/snmp.h b/include/uapi/linux/snmp.h
index 26cbf76f8058535484180d6480444b5d9051bfe5..af0a674cc677f570bf5d5e04683957605d5e9ea1 100644 (file)
--- a/include/uapi/linux/snmp.h
+++ b/include/uapi/linux/snmp.h
@@ -288,6 +288,7 @@ enum
        LINUX_MIB_XFRMOUTPOLERROR,              /* XfrmOutPolError */
        LINUX_MIB_XFRMFWDHDRERROR,              /* XfrmFwdHdrError*/
        LINUX_MIB_XFRMOUTSTATEINVALID,          /* XfrmOutStateInvalid */
+       LINUX_MIB_XFRMACQUIREERROR,             /* XfrmAcquireError */
        __LINUX_MIB_XFRMMAX
 };
 
diff --git a/net/xfrm/xfrm_input.c b/net/xfrm/xfrm_input.c
index ab2bb42fe094b7390d5135ec6e37b9113ea8219b..88843996f9359ec0ef90bc34dd3806ce3e8cedbf 100644 (file)
--- a/net/xfrm/xfrm_input.c
+++ b/net/xfrm/xfrm_input.c
@@ -163,6 +163,11 @@ int xfrm_input(struct sk_buff *skb, int nexthdr, __be32 spi, int encap_type)
                skb->sp->xvec[skb->sp->len++] = x;
 
                spin_lock(&x->lock);
+               if (unlikely(x->km.state == XFRM_STATE_ACQ)) {
+                       XFRM_INC_STATS(net, LINUX_MIB_XFRMACQUIREERROR);
+                       goto drop_unlock;
+               }
+
                if (unlikely(x->km.state != XFRM_STATE_VALID)) {
                        XFRM_INC_STATS(net, LINUX_MIB_XFRMINSTATEINVALID);
                        goto drop_unlock;
diff --git a/net/xfrm/xfrm_proc.c b/net/xfrm/xfrm_proc.c
index c721b0d9ab8b355ba75bc92f5e7e602d9655bad6..80cd1e55b834260e484d0c7842fc8d827e0803ca 100644 (file)
--- a/net/xfrm/xfrm_proc.c
+++ b/net/xfrm/xfrm_proc.c
@@ -44,6 +44,7 @@ static const struct snmp_mib xfrm_mib_list[] = {
        SNMP_MIB_ITEM("XfrmOutPolError", LINUX_MIB_XFRMOUTPOLERROR),
        SNMP_MIB_ITEM("XfrmFwdHdrError", LINUX_MIB_XFRMFWDHDRERROR),
        SNMP_MIB_ITEM("XfrmOutStateInvalid", LINUX_MIB_XFRMOUTSTATEINVALID),
+       SNMP_MIB_ITEM("XfrmAcquireError", LINUX_MIB_XFRMACQUIREERROR),
        SNMP_MIB_SENTINEL
 };
 
Unnamed repository; edit this file 'description' to name the repository.