[PATCH 0/1][SRU][Trusty/Utopic/Vivid/Wily](upstream) xfrm: dst_entries_init() per-net dst_ops

Dan Streetman dan.streetman at canonical.com
Wed Jan 27 14:59:44 UTC 2016


On Tue, Jan 26, 2016 at 1:02 PM, Dan Streetman
<dan.streetman at canonical.com> wrote:
> Patch cherry-picked from upstream commit
> a8a572a6b5f2a79280d6e302cb3c1cb1fbaeb3e8 with only minor context
> changes needed to Trusty/Utopic.

of course, immediately after i sent this, it got pulled into upstream
stable finally :)

it would still be good to include this patch in the releases now I
think, but if not it should make it in through the upstream stable
trees.

>
> This fixes an error in counting dst objects when using ipsec with
> multiple net namespaces; without this, one (or more) namespaces' dst
> count will incorrectly increase until it reaches the limit, at which
> point its ipsec network is no longer usable.
>
> User tested against lts-vivid kernel only; I tested all 3 others manually.




More information about the kernel-team mailing list