kernel-ark/include/net
Eric Paris ef41aaa0b7 [IPSEC]: xfrm_policy delete security check misplaced
The security hooks to check permissions to remove an xfrm_policy were
actually done after the policy was removed.  Since the unlinking and
deletion are done in xfrm_policy_by* functions this moves the hooks
inside those 2 functions.  There we have all the information needed to
do the security check and it can be done before the deletion.  Since
auditing requires the result of that security check err has to be passed
back and forth from the xfrm_policy_by* functions.

This patch also fixes a bug where a deletion that failed the security
check could cause improper accounting on the xfrm_policy
(xfrm_get_policy didn't have a put on the exit path for the hold taken
by xfrm_policy_by*).

It also fixes the return code when no policy is found in
xfrm_add_pol_expire.  In old code (at least back in the 2.6.18 days) err
wasn't used before the return when no policy is found and so the
initialization would cause err to be ENOENT.  But since err has since
been used above when we don't get a policy back from the xfrm_policy_by*
function we would always return 0 instead of the intended ENOENT.  Also
fixed some white space damage in the same area.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Venkat Yekkirala <vyekkirala@trustedcs.com>
Acked-by: James Morris <jmorris@namei.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-03-07 16:08:09 -08:00
bluetooth
irda [IRDA] net/irda/: proper prototypes 2007-02-26 11:42:43 -08:00
iucv
netfilter [NETFILTER]: conntrack: fix {nf,ip}_ct_iterate_cleanup endless loops 2007-03-05 13:25:18 -08:00
sctp
tc_act
tipc
act_api.h
addrconf.h
af_unix.h
ah.h
arp.h
atmclip.h
ax25.h [PATCH] mark struct file_operations const 1 2007-02-12 09:48:44 -08:00
checksum.h
cipso_ipv4.h
compat.h
datalink.h
dn_dev.h
dn_fib.h
dn_neigh.h
dn_nsp.h
dn_route.h [DECNET]: Convert decnet route to use the new dst_entry 'next' pointer 2007-02-10 23:20:43 -08:00
dn.h
dsfield.h
dst.h [NET]: Reorder fields of struct dst_entry 2007-02-10 23:20:45 -08:00
esp.h
fib_rules.h
flow.h
gen_stats.h
genetlink.h
icmp.h
ieee80211_crypt.h
ieee80211_radiotap.h
ieee80211.h
ieee80211softmac_wx.h
ieee80211softmac.h
if_inet6.h
inet6_connection_sock.h
inet6_hashtables.h
inet_common.h
inet_connection_sock.h
inet_ecn.h
inet_hashtables.h
inet_sock.h
inet_timewait_sock.h [INET]: twcal_jiffie should be unsigned long, not int 2007-03-05 13:32:48 -08:00
inetpeer.h
ip6_checksum.h
ip6_fib.h [IPV6]: Convert ipv6 route to use the new dst_entry 'next' pointer 2007-02-10 23:20:40 -08:00
ip6_route.h
ip6_tunnel.h
ip_fib.h
ip_mp_alg.h
ip_vs.h
ip.h
ipcomp.h
ipconfig.h
ipip.h
ipv6.h
ipx.h
iw_handler.h
lapb.h
llc_c_ac.h
llc_c_ev.h
llc_c_st.h
llc_conn.h
llc_if.h
llc_pdu.h
llc_s_ac.h
llc_s_ev.h
llc_s_st.h
llc_sap.h
llc.h
mip6.h
ndisc.h
neighbour.h
netdma.h
netevent.h
netlabel.h
netlink.h
netrom.h [PATCH] mark struct file_operations const 1 2007-02-12 09:48:44 -08:00
nexthop.h
p8022.h
pkt_cls.h
pkt_sched.h
protocol.h
psnap.h
raw.h
rawv6.h
red.h
request_sock.h
rose.h [PATCH] mark struct file_operations const 1 2007-02-12 09:48:44 -08:00
route.h [IPV4]: Convert ipv4 route to use the new dst_entry 'next' pointer 2007-02-10 23:20:38 -08:00
sch_generic.h
scm.h
slhc_vj.h
snmp.h
sock.h [NET]: Revert incorrect accept queue backlog changes. 2007-03-06 11:21:05 -08:00
syncppp.h
tcp_ecn.h
tcp_states.h
tcp.h
timewait_sock.h
transp_v6.h
udp.h
udplite.h
x25.h
x25device.h
xfrm.h [IPSEC]: xfrm_policy delete security check misplaced 2007-03-07 16:08:09 -08:00