1. 01 Feb, 2012 3 commits
    • tcp: md5: RST: getting md5 key from listener · 658ddaaf
      Shawn Lu authored
      TCP RST mechanism is broken in TCP md5 (RFC2385). When
      connection is gone, md5 key is lost, sending RST
      without md5 hash is deemed to be ignored by peer. This can
      be a problem since RST helps protocols like bgp to fast
      recover from peer crash.
      
      In most cases, users of tcp md5, such as bgp and ldp,
      have listener on both sides to accept connection from peer.
      md5 keys for peers are saved in listening socket.
      
      There are two cases in finding md5 key when connection is
      lost:
      1. Passive receive RST: The message is sent to well known port,
      tcp will associate it with listener. md5 key is gotten from
      listener.
      
      2. Active receive RST (no sock): The message is sent to active
      side, there is no socket associated with the message. In this
      case, finding listener from source port, then find md5 key from
      listener.
      
      We are not losing security here:
      packet is checked with md5 hash. No RST is generated
      if md5 hash doesn't match or no md5 key can be found.
      Signed-off-by: Shawn Lu <shawn.lu@ericsson.com>
      Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • xfrm6: remove unneeded NULL check in __xfrm6_output() · 5b11b2e4
      Dan Carpenter authored
      We don't check for NULL consistently in __xfrm6_output().  If "x" were
      NULL here it would lead to an OOPs later.  I asked Steffen Klassert
      about this and he suggested that we remove the NULL check.
      
      On 10/29/11, Steffen Klassert <steffen.klassert@secunet.com> wrote:
      >> net/ipv6/xfrm6_output.c
      >>    148
      >>    149		if ((x && x->props.mode == XFRM_MODE_TUNNEL) &&
      >>                           ^
      >
      > x can't be null here. It would be a bug if __xfrm6_output() is called
      > without a xfrm_state attached to the skb. I think we can just remove
      > this null check.
      
      Cc: Steffen Klassert <steffen.klassert@secunet.com>
      Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • tcp: md5: protects md5sig_info with RCU · a8afca03
      Eric Dumazet authored
      This patch makes sure we use appropriate memory barriers before
      publishing tp->md5sig_info, allowing tcp_md5_do_lookup() to be used from
      tcp_v4_send_reset() without holding socket lock (upcoming patch from
      Shawn Lu)
      
      Note we also need to respect rcu grace period before its freeing, since
      we can free socket without this grace period thanks to
      SLAB_DESTROY_BY_RCU
      Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
      Cc: Shawn Lu <shawn.lu@ericsson.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
  2. 31 Jan, 2012 10 commits
  3. 30 Jan, 2012 9 commits
  4. 29 Jan, 2012 1 commit
  5. 28 Jan, 2012 5 commits
  6. 27 Jan, 2012 12 commits