authorLinus Torvalds <torvalds@woody.linux-foundation.org>2007-05-25 03:41:28 +0200
committerLinus Torvalds <torvalds@woody.linux-foundation.org>2007-05-25 03:41:28 +0200
commit1c1ee4c3e7e16d23166a624a132889df3c540a18 (patch)
treec6f20db95c421f7171f85bbe022f58a678b93ba5 /net/xfrm/xfrm_policy.c
parentMerge branch 'upstream-linus' of master.kernel.org:/pub/scm/linux/kernel/git/... (diff)
parent[XFRM]: Allow packet drops during larval state resolution. (diff)
Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6
* 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6: (25 commits) [XFRM]: Allow packet drops during larval state resolution. [CASSINI]: Check pci_set_mwi() return value. [NET]: "wrong timeout value" in sk_wait_data() v2 [NETFILTER]: nf_nat_h323: call set_h225_addr instead of set_h225_addr_hook [NETFILTER]: nf_conntrack_h323: add missing T.120 address in OLCA [NETFILTER]: nf_conntrack_h323: remove unnecessary process of Information signal [NETFILTER]: nf_conntrack_h323: fix get_h225_addr() for IPv6 address access [NETFILTER]: nf_conntrack_h323: fix ASN.1 types [NETFILTER]: nf_conntrack_ftp: fix newline sequence number calculation [NETFILTER]: nf_conntrack_ftp: fix newline sequence number update [NET_SCHED]: sch_htb: fix event cache time calculation [DCCP]: Fix build warning when debugging is disabled. [TIPC]: Fixed erroneous introduction of for_each_netdev [RTNETLINK]: Fix sending netlink message when replace route. [TR]: Use menuconfig objects. [ARCNET]: Use menuconfig objects. [TIPC]: Use menuconfig objects. [SCTP]: Use menuconfig objects. [IPVS]: Use menuconfig objects. [DCCP]: Use menuconfig objects. ...
Diffstat (limited to 'net/xfrm/xfrm_policy.c')
-rw-r--r--net/xfrm/xfrm_policy.c28
1 files changed, 26 insertions, 2 deletions
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
index d0882e53b6fc..b8bab89616a0 100644
--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -29,6 +29,8 @@
#include "xfrm_hash.h"
+int sysctl_xfrm_larval_drop;
+
DEFINE_MUTEX(xfrm_cfg_mutex);
EXPORT_SYMBOL(xfrm_cfg_mutex);
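Review bot: `sysctl_xfrm_larval_drop` is added as a non-static global with no comment saying what a non-zero value does, and neither its extern declaration nor the sysctl registration is part of this file's diff. As a file-scope `int` it starts at zero, so the `-EREMOTE` path added in `__xfrm_lookup` stays off until something sets it; that default is worth stating next to the definition. I would add `/* Non-zero: fail the lookup with -EREMOTE (caller installs a one-shot blackhole route) instead of waiting when state resolution returns -EAGAIN. */` above the declaration.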
@@ -1390,8 +1392,8 @@ static int stale_bundle(struct dst_entry *dst);
* At the moment we eat a raw IP route. Mostly to speed up lookups
* on interfaces with disabled IPsec.
*/
-int xfrm_lookup(struct dst_entry **dst_p, struct flowi *fl,
- struct sock *sk, int flags)
+int __xfrm_lookup(struct dst_entry **dst_p, struct flowi *fl,
+ struct sock *sk, int flags)
{
struct xfrm_policy *policy;
struct xfrm_policy *pols[XFRM_POLICY_TYPE_MAX];
@@ -1509,6 +1511,13 @@ restart:
if (unlikely(nx<0)) {
err = nx;
+ if (err == -EAGAIN && sysctl_xfrm_larval_drop) {
+ /* EREMOTE tells the caller to generate
+ * a one-shot blackhole route.
+ */
+ xfrm_pol_put(policy);
+ return -EREMOTE;
+ }
if (err == -EAGAIN && flags) {
DECLARE_WAITQUEUE(wait, current);
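Review bot: The new early `return -EREMOTE` bypasses the `error:` label, so it is the only failure return in this function that does its own reference cleanup and leaves `*dst_p` untouched. It drops exactly one reference with `xfrm_pol_put(policy)`, while `pols[]` is declared with `XFRM_POLICY_TYPE_MAX` slots at the top of the function. If more than one policy can be held when `nx < 0` is reached, the remaining references would leak on every larval drop, which over time pins policy objects that can no longer be freed. Please confirm this against what the `error:` path releases (outside this hunk) and, if several entries can be held, release every held entry of `pols[]` here rather than only `policy`. The enclosing function starts and ends outside the hunk.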
@@ -1598,6 +1607,21 @@ error:
*dst_p = NULL;
return err;
}
+EXPORT_SYMBOL(__xfrm_lookup);
+
+int xfrm_lookup(struct dst_entry **dst_p, struct flowi *fl,
+ struct sock *sk, int flags)
+{
+ int err = __xfrm_lookup(dst_p, fl, sk, flags);
+
+ if (err == -EREMOTE) {
+ dst_release(*dst_p);
+ *dst_p = NULL;
+ err = -EAGAIN;
+ }
+
+ return err;
+}
EXPORT_SYMBOL(xfrm_lookup);
static inline int
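Review bot: `__xfrm_lookup` is exported to modules here without any statement of its `-EREMOTE` contract. The wrapper's `dst_release(*dst_p); *dst_p = NULL;` shows that on `-EREMOTE` the callee leaves `*dst_p` pointing at the original route with its reference still held, whereas the other error returns visible above end with `*dst_p = NULL`. A caller of the exported symbol that treats `-EREMOTE` like any other error will leak a dst reference, so the ownership rule should be written down at the export. I would extend the block comment above `__xfrm_lookup` (it begins outside these hunks) with `/* On -EREMOTE, *dst_p still holds the original route and its reference; the caller must either use it or dst_release() it. */` and add a one-line comment on `xfrm_lookup` saying that it maps `-EREMOTE` back to `-EAGAIN` for callers that cannot install a blackhole route.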