On 2015/3/10 21:27, Pablo Neira Ayuso wrote:
> From: Julian Anastasov <ja@xxxxxx>
>
> [ backport from upstream commit 579eb62ac35845686a7c4286c0a820b4eb1f96aa ]
>
> commit f5a41847acc5 ("ipvs: move ip_route_me_harder for ICMP")
> from 2.6.37 introduced ip_route_me_harder() call for responses to
> local clients, so that we can provide valid rt_src after SNAT.
> It was used by TCP to provide valid daddr for ip_send_reply().
> After commit 0a5ebb8000c5 ("ipv4: Pass explicit daddr arg to
> ip_send_reply()." from 3.0 this rerouting is not needed anymore
> and should be avoided, especially in LOCAL_IN.
>
> Fixes 3.12.33 crash in xfrm reported by Florian Wiessner:
> "3.12.33 - BUG xfrm_selector_match+0x25/0x2f6"
>
> Cc: stable@xxxxxxxxxxxxxxx # 3.4.x
> Signed-off-by: Julian Anastasov <ja@xxxxxx>
> Acked-by: Simon Horman <horms@xxxxxxxxxxxx>
Queued up for 3.4. Thanks!
--
To unsubscribe from this list: send the line "unsubscribe stable" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html