Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next
Steffen Klassert says: ==================== Just one patch this time. 1) Drop packets when the matching SA is in larval state and add a statistic counter for that. From Fan Du. Please pull or let me know if there are problems. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
commit
a77471ff70
3 changed files with 7 additions and 0 deletions
|
@ -288,6 +288,7 @@ enum
|
|||
LINUX_MIB_XFRMOUTPOLERROR, /* XfrmOutPolError */
|
||||
LINUX_MIB_XFRMFWDHDRERROR, /* XfrmFwdHdrError*/
|
||||
LINUX_MIB_XFRMOUTSTATEINVALID, /* XfrmOutStateInvalid */
|
||||
LINUX_MIB_XFRMACQUIREERROR, /* XfrmAcquireError */
|
||||
__LINUX_MIB_XFRMMAX
|
||||
};
|
||||
|
||||
|
|
|
@ -163,6 +163,11 @@ int xfrm_input(struct sk_buff *skb, int nexthdr, __be32 spi, int encap_type)
|
|||
skb->sp->xvec[skb->sp->len++] = x;
|
||||
|
||||
spin_lock(&x->lock);
|
||||
if (unlikely(x->km.state == XFRM_STATE_ACQ)) {
|
||||
XFRM_INC_STATS(net, LINUX_MIB_XFRMACQUIREERROR);
|
||||
goto drop_unlock;
|
||||
}
|
||||
|
||||
if (unlikely(x->km.state != XFRM_STATE_VALID)) {
|
||||
XFRM_INC_STATS(net, LINUX_MIB_XFRMINSTATEINVALID);
|
||||
goto drop_unlock;
|
||||
|
|
|
@ -44,6 +44,7 @@ static const struct snmp_mib xfrm_mib_list[] = {
|
|||
SNMP_MIB_ITEM("XfrmOutPolError", LINUX_MIB_XFRMOUTPOLERROR),
|
||||
SNMP_MIB_ITEM("XfrmFwdHdrError", LINUX_MIB_XFRMFWDHDRERROR),
|
||||
SNMP_MIB_ITEM("XfrmOutStateInvalid", LINUX_MIB_XFRMOUTSTATEINVALID),
|
||||
SNMP_MIB_ITEM("XfrmAcquireError", LINUX_MIB_XFRMACQUIREERROR),
|
||||
SNMP_MIB_SENTINEL
|
||||
};
|
||||
|
||||
|
|
Loading…
Reference in a new issue