On 03/10/2015, 02:27 PM, Pablo Neira Ayuso wrote:
> From: Julian Anastasov <ja@xxxxxx>
>
> [ upstream commit 579eb62ac35845686a7c4286c0a820b4eb1f96aa ]
>
> commit f5a41847acc5 ("ipvs: move ip_route_me_harder for ICMP")
> from 2.6.37 introduced ip_route_me_harder() call for responses to
> local clients, so that we can provide valid rt_src after SNAT.
> It was used by TCP to provide valid daddr for ip_send_reply().
> After commit 0a5ebb8000c5 ("ipv4: Pass explicit daddr arg to
> ip_send_reply()." from 3.0 this rerouting is not needed anymore
> and should be avoided, especially in LOCAL_IN.
>
> Fixes 3.12.33 crash in xfrm reported by Florian Wiessner:
> "3.12.33 - BUG xfrm_selector_match+0x25/0x2f6"
>
> Cc: <stable@xxxxxxxxxxxxxxx> # 3.10.x
> Cc: <stable@xxxxxxxxxxxxxxx> # 3.12.x
Applied the three which apply to 3.12. Thanks.
--
js
suse labs
--
To unsubscribe from this list: send the line "unsubscribe stable" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html