diff options
author | David S. Miller <davem@davemloft.net> | 2014-09-22 16:41:41 -0400 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2014-09-22 16:41:41 -0400 |
commit | 84de67b29882efaacd05861f41e749c5e8f0c3ed (patch) | |
tree | e89c25f91ffab05ffdc680c5fef310b6a902a82c /net/ipv4/route.c | |
parent | 09f3756bb9a82835b0c2a9b50f36b47aa42f2c61 (diff) | |
parent | b8c203b2d2fc961bafd53b41d5396bbcdec55998 (diff) |
Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec
Steffen Klassert says:
====================
pull request (net): ipsec 2014-09-22
We generate a blackhole or queueing route if a packet
matches an IPsec policy but a state can't be resolved.
Here we assume that dst_output() is called to kill
these packets. Unfortunately this assumption is not
true in all cases, so it is possible that these packets
leave the system without the necessary transformations.
This pull request contains two patches to fix this issue:
1) Fix for blackhole routed packets.
2) Fix for queue routed packets.
Both patches are serious stable candidates.
Please pull or let me know if there are problems.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv4/route.c')
-rw-r--r-- | net/ipv4/route.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/net/ipv4/route.c b/net/ipv4/route.c index eaa4b000c7b..173e7ea54c7 100644 --- a/net/ipv4/route.c +++ b/net/ipv4/route.c @@ -2265,9 +2265,9 @@ struct rtable *ip_route_output_flow(struct net *net, struct flowi4 *flp4, return rt; if (flp4->flowi4_proto) - rt = (struct rtable *) xfrm_lookup(net, &rt->dst, - flowi4_to_flowi(flp4), - sk, 0); + rt = (struct rtable *)xfrm_lookup_route(net, &rt->dst, + flowi4_to_flowi(flp4), + sk, 0); return rt; } |