linux/include/net
Eric Paris ef41aaa0b7 [IPSEC]: xfrm_policy delete security check misplaced
The security hooks to check permissions to remove an xfrm_policy were
actually done after the policy was removed.  Since the unlinking and
deletion are done in xfrm_policy_by* functions this moves the hooks
inside those 2 functions.  There we have all the information needed to
do the security check and it can be done before the deletion.  Since
auditing requires the result of that security check err has to be passed
back and forth from the xfrm_policy_by* functions.

This patch also fixes a bug where a deletion that failed the security
check could cause improper accounting on the xfrm_policy
(xfrm_get_policy didn't have a put on the exit path for the hold taken
by xfrm_policy_by*)

It also fixes the return code when no policy is found in
xfrm_add_pol_expire.  In old code (at least back in the 2.6.18 days) err
wasn't used before the return when no policy is found and so the
initialization would cause err to be ENOENT.  But since err has since
been used above when we don't get a policy back from the xfrm_policy_by*
function we would always return 0 instead of the intended ENOENT.  Also
fixed some white space damage in the same area.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Venkat Yekkirala <vyekkirala@trustedcs.com>
Acked-by: James Morris <jmorris@namei.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-03-07 16:08:09 -08:00
..
bluetooth [PATCH] hci endianness annotations 2006-12-13 09:05:52 -08:00
irda [IRDA] net/irda/: proper prototypes 2007-02-26 11:42:43 -08:00
iucv [S390]: Add AF_IUCV socket support 2007-02-08 13:51:54 -08:00
netfilter [NETFILTER]: conntrack: fix {nf,ip}_ct_iterate_cleanup endless loops 2007-03-05 13:25:18 -08:00
sctp [SCTP]: Correctly handle unexpected INIT-ACK chunk. 2007-01-23 20:25:46 -08:00
tc_act [PKT_SCHED]: Kill pkt_act.h inlining. 2006-09-22 14:55:10 -07:00
tipc [TIPC]: endianness annotations 2006-12-02 21:21:08 -08:00
act_api.h [PKT_SCHED]: Kill pkt_act.h inlining. 2006-09-22 14:55:10 -07:00
addrconf.h [IPV6]: Misc endianness annotations. 2006-12-02 21:22:52 -08:00
af_unix.h [AF_UNIX]: Kernel memory leak fix for af_unix datagram getpeersec patch 2006-08-02 14:12:06 -07:00
ah.h [IPSEC]: Use HMAC template and hash interface 2006-09-21 11:46:18 +10:00
arp.h [IPV6]: Assorted trivial endianness annotations. 2006-12-02 21:22:50 -08:00
atmclip.h [ATM]: Annotations. 2006-12-02 21:22:55 -08:00
ax25.h [PATCH] mark struct file_operations const 1 2007-02-12 09:48:44 -08:00
checksum.h [NET]: Make mangling a checksum (0 -> 0xffff on the wire) explicit. 2006-12-02 21:23:39 -08:00
cipso_ipv4.h NetLabel: use the correct CIPSOv4 MLS label limits 2006-12-02 21:24:12 -08:00
compat.h Merge git://git.infradead.org/hdrcleanup-2.6 2006-06-20 15:10:08 -07:00
datalink.h
dn_dev.h [DECnet]: Endian annotation and fixes for DECnet. 2006-03-20 22:42:39 -08:00
dn_fib.h [DECNET]: cleanups 2006-09-22 14:54:40 -07:00
dn_neigh.h [DECnet]: Endian annotation and fixes for DECnet. 2006-03-20 22:42:39 -08:00
dn_nsp.h [DECnet]: Endian annotation and fixes for DECnet. 2006-03-20 22:42:39 -08:00
dn_route.h [DECNET]: Convert decnet route to use the new dst_entry 'next' pointer 2007-02-10 23:20:43 -08:00
dn.h [NET]: Reduce sizeof(struct flowi) by 20 bytes. 2006-10-21 20:24:01 -07:00
dsfield.h [NET]: IP header modifier helpers annotations. 2006-12-02 21:23:40 -08:00
dst.h [NET]: Reorder fields of struct dst_entry 2007-02-10 23:20:45 -08:00
esp.h [IPSEC] esp: Defer output IV initialization to first use. 2006-09-22 15:17:35 -07:00
fib_rules.h [NETLINK]: Do precise netlink message allocations where possible 2006-12-02 21:22:11 -08:00
flow.h [NET]: Rethink mark field in struct flowi 2006-12-02 21:21:39 -08:00
gen_stats.h
genetlink.h [GENETLINK]: Add cmd dump completion. 2006-12-02 21:32:09 -08:00
icmp.h [IPV4]: icmp_send() annotation 2006-09-28 18:01:06 -07:00
ieee80211_crypt.h [PATCH] ieee80211: Add TKIP crypt->build_iv 2006-01-27 17:08:07 -05:00
ieee80211_radiotap.h
ieee80211.h [PATCH] ieee80211: WLAN_GET_SEQ_SEQ fix (select correct region) 2007-01-02 20:56:26 -05:00
ieee80211softmac_wx.h [PATCH] softmac: add SIOCSIWMLME 2006-04-24 16:15:58 -04:00
ieee80211softmac.h WorkStruct: make allyesconfig 2006-11-22 14:57:56 +00:00
if_inet6.h [IPV6]: Per-interface statistics support. 2006-12-02 21:22:08 -08:00
inet6_connection_sock.h [TCP]: Restore SKB socket owner setting in tcp_transmit_skb(). 2007-01-26 01:04:55 -08:00
inet6_hashtables.h [IPV6]: annotate inet6_hashtables 2006-12-02 21:21:10 -08:00
inet_common.h [NET]: move struct proto_ops to const 2006-01-03 13:11:15 -08:00
inet_connection_sock.h [TCP]: Restore SKB socket owner setting in tcp_transmit_skb(). 2007-01-26 01:04:55 -08:00
inet_ecn.h [NET]: IP header modifier helpers annotations. 2006-12-02 21:23:40 -08:00
inet_hashtables.h [NET]: change layout of ehash table 2007-02-08 14:16:46 -08:00
inet_sock.h [IPV4]: annotate inet_lookup() and friends 2006-09-28 18:02:26 -07:00
inet_timewait_sock.h [INET]: twcal_jiffie should be unsigned long, not int 2007-03-05 13:32:48 -08:00
inetpeer.h [IPV4] inet_peer: Group together avl_left, avl_right, v4daddr to speedup lookups on some CPUS 2006-10-20 00:28:35 -07:00
ip6_checksum.h [IPV6]: Dumb typo in generic csum_ipv6_magic() 2006-12-22 11:12:07 -08:00
ip6_fib.h [IPV6]: Convert ipv6 route to use the new dst_entry 'next' pointer 2007-02-10 23:20:40 -08:00
ip6_route.h [IPV6]: Misc endianness annotations. 2006-12-02 21:22:52 -08:00
ip6_tunnel.h
ip_fib.h [IPV4] nl_fib_lookup: Rename fl_fwmark to fl_mark 2006-12-02 21:21:40 -08:00
ip_mp_alg.h [NET]: Rethink mark field in struct flowi 2006-12-02 21:21:39 -08:00
ip_vs.h [NET]: ipvs checksum annotations. 2006-12-02 21:23:41 -08:00
ip.h [TCP]: Restore SKB socket owner setting in tcp_transmit_skb(). 2007-01-26 01:04:55 -08:00
ipcomp.h [CRYPTO] users: Use crypto_comp and crypto_has_* 2006-09-21 11:46:22 +10:00
ipconfig.h [NET]: ipconfig and nfsroot annotations 2006-12-02 21:21:09 -08:00
ipip.h [IPV6] net/ipv6/sit.c: make 2 functions static 2006-12-02 21:26:15 -08:00
ipv6.h [IPV6]: __ipv6_addr_diff() annotations and cleanup. 2006-12-02 21:22:53 -08:00
ipx.h [IPX]: Annotate and fix IPX checksum 2006-11-05 14:11:25 -08:00
iw_handler.h [PATCH] WE-20 for kernel 2.6.16 2006-03-23 07:12:57 -05:00
lapb.h
llc_c_ac.h
llc_c_ev.h
llc_c_st.h
llc_conn.h
llc_if.h [LLC]: add multicast support for datagrams 2006-06-17 21:26:08 -07:00
llc_pdu.h [LLC]: anotations 2006-12-02 21:21:23 -08:00
llc_s_ac.h
llc_s_ev.h
llc_s_st.h
llc_sap.h
llc.h [LLC]: llc_mac_hdr_init const arguments 2006-03-20 22:59:36 -08:00
mip6.h [IPV6] MIP6: Add receiving mobility header functions through raw socket. 2006-09-22 15:07:01 -07:00
ndisc.h [IPV6]: Misc endianness annotations. 2006-12-02 21:22:52 -08:00
neighbour.h [NET]: Convert hh_lock to seqlock. 2006-12-08 17:19:20 -08:00
netdma.h Remove all inclusions of <linux/config.h> 2006-10-04 03:38:54 -04:00
netevent.h [NET]: Network Event Notifier Mechanism. 2006-08-02 13:38:20 -07:00
netlabel.h NetLabel: convert to an extensibile/sparse category bitmap 2006-12-02 21:31:36 -08:00
netlink.h [PATCH] severing skbuff.h -> mm.h 2006-12-04 02:00:34 -05:00
netrom.h [PATCH] mark struct file_operations const 1 2007-02-12 09:48:44 -08:00
nexthop.h [IPv4]: FIB configuration using struct fib_config 2006-09-22 14:55:04 -07:00
p8022.h
pkt_cls.h
pkt_sched.h [PKT_SCHED]: Fix regression in PSCHED_TADD{,2}. 2006-07-24 12:44:23 -07:00
protocol.h [INET]: Change protocol field in struct inet_protosw to u16 2006-12-02 21:30:55 -08:00
psnap.h
raw.h Merge git://git.infradead.org/hdrcleanup-2.6 2006-06-20 15:10:08 -07:00
rawv6.h [IPV6]: 'info' argument of ipv6 ->err_handler() is net-endian 2006-12-02 21:21:12 -08:00
red.h [PKT_SCHED] RED: Fix overflow in calculation of queue average 2006-08-04 22:59:51 -07:00
request_sock.h [PATCH] slab: remove kmem_cache_t 2006-12-07 08:39:25 -08:00
rose.h [PATCH] mark struct file_operations const 1 2007-02-12 09:48:44 -08:00
route.h [IPV4]: Convert ipv4 route to use the new dst_entry 'next' pointer 2007-02-10 23:20:38 -08:00
sch_generic.h [NET_SCHED]: Fix endless loops caused by inaccurate qlen counters (part 1) 2006-12-02 21:31:42 -08:00
scm.h [AF_UNIX]: Kernel memory leak fix for af_unix datagram getpeersec patch 2006-08-02 14:12:06 -07:00
slhc_vj.h
snmp.h [SCTP]: Extend /proc/net/sctp/snmp to provide more statistics. 2006-09-22 14:55:16 -07:00
sock.h [NET]: Revert incorrect accept queue backlog changes. 2007-03-06 11:21:05 -08:00
syncppp.h
tcp_ecn.h [IPV6]: Added GSO support for TCPv6 2006-06-30 14:12:10 -07:00
tcp_states.h [TCP]: Move the TCPF_ enum to tcp_states.h 2006-01-03 13:10:57 -08:00
tcp.h [TCP]: remove tcp header from tcp_v4_check (take #2) 2007-02-08 12:38:44 -08:00
timewait_sock.h [PATCH] slab: remove kmem_cache_t 2006-12-07 08:39:25 -08:00
transp_v6.h [NET]: Supporting UDP-Lite (RFC 3828) in Linux 2006-12-02 21:22:46 -08:00
udp.h [PATCH] severing skbuff.h -> poll.h 2006-12-04 02:00:31 -05:00
udplite.h [NET]: Fix assorted misannotations (from md5 and udplite merges). 2006-12-02 21:27:16 -08:00
x25.h [X.25]: Adds /proc/sys/net/x25/x25_forward to control forwarding. 2007-02-08 13:34:36 -08:00
x25device.h [X25]: Restore skb->dev setting in x25_type_trans(). 2006-04-09 22:37:18 -07:00
xfrm.h [IPSEC]: xfrm_policy delete security check misplaced 2007-03-07 16:08:09 -08:00