Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
L
linux
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Kirill Smelkov
linux
Commits
a0b78018
Commit
a0b78018
authored
21 years ago
by
Tom Lendacky
Committed by
Linus Torvalds
21 years ago
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
[IPSEC]: IPV6 AH/ESP fixes.
parent
c81baf47
Changes
3
Hide whitespace changes
Inline
Side-by-side
Showing
3 changed files
with
22 additions
and
18 deletions
+22
-18
net/ipv6/ah6.c
net/ipv6/ah6.c
+2
-2
net/ipv6/esp6.c
net/ipv6/esp6.c
+13
-13
net/ipv6/xfrm6_input.c
net/ipv6/xfrm6_input.c
+7
-3
No files found.
net/ipv6/ah6.c
View file @
a0b78018
...
@@ -199,7 +199,7 @@ int ah6_input(struct xfrm_state *x, struct sk_buff *skb)
...
@@ -199,7 +199,7 @@ int ah6_input(struct xfrm_state *x, struct sk_buff *skb)
}
}
}
}
nexthdr
=
ah
->
nexthdr
;
nexthdr
=
((
struct
ipv6hdr
*
)
tmp_hdr
)
->
nexthdr
=
ah
->
nexthdr
;
skb
->
nh
.
raw
=
skb_pull
(
skb
,
(
ah
->
hdrlen
+
2
)
<<
2
);
skb
->
nh
.
raw
=
skb_pull
(
skb
,
(
ah
->
hdrlen
+
2
)
<<
2
);
memcpy
(
skb
->
nh
.
raw
,
tmp_hdr
,
hdr_len
);
memcpy
(
skb
->
nh
.
raw
,
tmp_hdr
,
hdr_len
);
skb
->
nh
.
ipv6h
->
payload_len
=
htons
(
skb
->
len
-
sizeof
(
struct
ipv6hdr
));
skb
->
nh
.
ipv6h
->
payload_len
=
htons
(
skb
->
len
-
sizeof
(
struct
ipv6hdr
));
...
@@ -287,7 +287,7 @@ static int ah6_init_state(struct xfrm_state *x, void *args)
...
@@ -287,7 +287,7 @@ static int ah6_init_state(struct xfrm_state *x, void *args)
x
->
props
.
header_len
=
XFRM_ALIGN8
(
ahp
->
icv_trunc_len
+
AH_HLEN_NOICV
);
x
->
props
.
header_len
=
XFRM_ALIGN8
(
ahp
->
icv_trunc_len
+
AH_HLEN_NOICV
);
if
(
x
->
props
.
mode
)
if
(
x
->
props
.
mode
)
x
->
props
.
header_len
+=
2
0
;
x
->
props
.
header_len
+=
4
0
;
x
->
data
=
ahp
;
x
->
data
=
ahp
;
return
0
;
return
0
;
...
...
This diff is collapsed.
Click to expand it.
net/ipv6/esp6.c
View file @
a0b78018
...
@@ -108,7 +108,7 @@ int esp6_output(struct sk_buff *skb)
...
@@ -108,7 +108,7 @@ int esp6_output(struct sk_buff *skb)
struct
dst_entry
*
dst
=
skb
->
dst
;
struct
dst_entry
*
dst
=
skb
->
dst
;
struct
xfrm_state
*
x
=
dst
->
xfrm
;
struct
xfrm_state
*
x
=
dst
->
xfrm
;
struct
ipv6hdr
*
iph
=
NULL
,
*
top_iph
;
struct
ipv6hdr
*
iph
=
NULL
,
*
top_iph
;
struct
ip_esp_hdr
*
esph
;
struct
ip
v6
_esp_hdr
*
esph
;
struct
crypto_tfm
*
tfm
;
struct
crypto_tfm
*
tfm
;
struct
esp_data
*
esp
;
struct
esp_data
*
esp
;
struct
sk_buff
*
trailer
;
struct
sk_buff
*
trailer
;
...
@@ -154,7 +154,7 @@ int esp6_output(struct sk_buff *skb)
...
@@ -154,7 +154,7 @@ int esp6_output(struct sk_buff *skb)
esp
=
x
->
data
;
esp
=
x
->
data
;
alen
=
esp
->
auth
.
icv_trunc_len
;
alen
=
esp
->
auth
.
icv_trunc_len
;
tfm
=
esp
->
conf
.
tfm
;
tfm
=
esp
->
conf
.
tfm
;
blksize
=
crypto_tfm_alg_blocksize
(
tfm
)
;
blksize
=
(
crypto_tfm_alg_blocksize
(
tfm
)
+
3
)
&
~
3
;
clen
=
(
clen
+
2
+
blksize
-
1
)
&~
(
blksize
-
1
);
clen
=
(
clen
+
2
+
blksize
-
1
)
&~
(
blksize
-
1
);
if
(
esp
->
conf
.
padlen
)
if
(
esp
->
conf
.
padlen
)
clen
=
(
clen
+
esp
->
conf
.
padlen
-
1
)
&~
(
esp
->
conf
.
padlen
-
1
);
clen
=
(
clen
+
esp
->
conf
.
padlen
-
1
)
&~
(
esp
->
conf
.
padlen
-
1
);
...
@@ -176,7 +176,7 @@ int esp6_output(struct sk_buff *skb)
...
@@ -176,7 +176,7 @@ int esp6_output(struct sk_buff *skb)
if
(
x
->
props
.
mode
)
{
if
(
x
->
props
.
mode
)
{
iph
=
skb
->
nh
.
ipv6h
;
iph
=
skb
->
nh
.
ipv6h
;
top_iph
=
(
struct
ipv6hdr
*
)
skb_push
(
skb
,
x
->
props
.
header_len
);
top_iph
=
(
struct
ipv6hdr
*
)
skb_push
(
skb
,
x
->
props
.
header_len
);
esph
=
(
struct
ip_esp_hdr
*
)(
top_iph
+
1
);
esph
=
(
struct
ip
v6
_esp_hdr
*
)(
top_iph
+
1
);
*
(
u8
*
)(
trailer
->
tail
-
1
)
=
IPPROTO_IPV6
;
*
(
u8
*
)(
trailer
->
tail
-
1
)
=
IPPROTO_IPV6
;
top_iph
->
version
=
6
;
top_iph
->
version
=
6
;
top_iph
->
priority
=
iph
->
priority
;
top_iph
->
priority
=
iph
->
priority
;
...
@@ -184,13 +184,13 @@ int esp6_output(struct sk_buff *skb)
...
@@ -184,13 +184,13 @@ int esp6_output(struct sk_buff *skb)
top_iph
->
flow_lbl
[
1
]
=
iph
->
flow_lbl
[
1
];
top_iph
->
flow_lbl
[
1
]
=
iph
->
flow_lbl
[
1
];
top_iph
->
flow_lbl
[
2
]
=
iph
->
flow_lbl
[
2
];
top_iph
->
flow_lbl
[
2
]
=
iph
->
flow_lbl
[
2
];
top_iph
->
nexthdr
=
IPPROTO_ESP
;
top_iph
->
nexthdr
=
IPPROTO_ESP
;
top_iph
->
payload_len
=
htons
(
skb
->
len
+
alen
);
top_iph
->
payload_len
=
htons
(
skb
->
len
+
alen
-
sizeof
(
struct
ipv6hdr
)
);
top_iph
->
hop_limit
=
iph
->
hop_limit
;
top_iph
->
hop_limit
=
iph
->
hop_limit
;
memcpy
(
&
top_iph
->
saddr
,
(
struct
in6_addr
*
)
&
x
->
props
.
saddr
,
sizeof
(
struct
i
pv6h
dr
));
memcpy
(
&
top_iph
->
saddr
,
(
struct
in6_addr
*
)
&
x
->
props
.
saddr
,
sizeof
(
struct
i
n6_ad
dr
));
memcpy
(
&
top_iph
->
daddr
,
(
struct
in6_addr
*
)
&
x
->
id
.
daddr
,
sizeof
(
struct
i
pv6h
dr
));
memcpy
(
&
top_iph
->
daddr
,
(
struct
in6_addr
*
)
&
x
->
id
.
daddr
,
sizeof
(
struct
i
n6_ad
dr
));
}
else
{
}
else
{
/* XXX exthdr */
/* XXX exthdr */
esph
=
(
struct
ip_esp_hdr
*
)
skb_push
(
skb
,
x
->
props
.
header_len
);
esph
=
(
struct
ip
v6
_esp_hdr
*
)
skb_push
(
skb
,
x
->
props
.
header_len
);
skb
->
h
.
raw
=
(
unsigned
char
*
)
esph
;
skb
->
h
.
raw
=
(
unsigned
char
*
)
esph
;
top_iph
=
(
struct
ipv6hdr
*
)
skb_push
(
skb
,
hdr_len
);
top_iph
=
(
struct
ipv6hdr
*
)
skb_push
(
skb
,
hdr_len
);
memcpy
(
top_iph
,
iph
,
hdr_len
);
memcpy
(
top_iph
,
iph
,
hdr_len
);
...
@@ -257,7 +257,7 @@ int esp6_output(struct sk_buff *skb)
...
@@ -257,7 +257,7 @@ int esp6_output(struct sk_buff *skb)
int
esp6_input
(
struct
xfrm_state
*
x
,
struct
sk_buff
*
skb
)
int
esp6_input
(
struct
xfrm_state
*
x
,
struct
sk_buff
*
skb
)
{
{
struct
ipv6hdr
*
iph
;
struct
ipv6hdr
*
iph
;
struct
ip_esp_hdr
*
esph
;
struct
ip
v6
_esp_hdr
*
esph
;
struct
esp_data
*
esp
=
x
->
data
;
struct
esp_data
*
esp
=
x
->
data
;
struct
sk_buff
*
trailer
;
struct
sk_buff
*
trailer
;
int
blksize
=
crypto_tfm_alg_blocksize
(
esp
->
conf
.
tfm
);
int
blksize
=
crypto_tfm_alg_blocksize
(
esp
->
conf
.
tfm
);
...
@@ -269,7 +269,7 @@ int esp6_input(struct xfrm_state *x, struct sk_buff *skb)
...
@@ -269,7 +269,7 @@ int esp6_input(struct xfrm_state *x, struct sk_buff *skb)
u8
ret_nexthdr
=
0
;
u8
ret_nexthdr
=
0
;
unsigned
char
*
tmp_hdr
=
NULL
;
unsigned
char
*
tmp_hdr
=
NULL
;
if
(
!
pskb_may_pull
(
skb
,
sizeof
(
struct
ip_esp_hdr
)))
if
(
!
pskb_may_pull
(
skb
,
sizeof
(
struct
ip
v6
_esp_hdr
)))
goto
out
;
goto
out
;
if
(
elen
<=
0
||
(
elen
&
(
blksize
-
1
)))
if
(
elen
<=
0
||
(
elen
&
(
blksize
-
1
)))
...
@@ -301,7 +301,7 @@ int esp6_input(struct xfrm_state *x, struct sk_buff *skb)
...
@@ -301,7 +301,7 @@ int esp6_input(struct xfrm_state *x, struct sk_buff *skb)
skb
->
ip_summed
=
CHECKSUM_NONE
;
skb
->
ip_summed
=
CHECKSUM_NONE
;
esph
=
(
struct
ip_esp_hdr
*
)
skb
->
data
;
esph
=
(
struct
ip
v6
_esp_hdr
*
)
skb
->
data
;
iph
=
skb
->
nh
.
ipv6h
;
iph
=
skb
->
nh
.
ipv6h
;
/* Get ivec. This can be wrong, check against another impls. */
/* Get ivec. This can be wrong, check against another impls. */
...
@@ -336,7 +336,7 @@ int esp6_input(struct xfrm_state *x, struct sk_buff *skb)
...
@@ -336,7 +336,7 @@ int esp6_input(struct xfrm_state *x, struct sk_buff *skb)
}
}
/* ... check padding bits here. Silly. :-) */
/* ... check padding bits here. Silly. :-) */
ret_nexthdr
=
nexthdr
[
1
];
ret_nexthdr
=
((
struct
ipv6hdr
*
)
tmp_hdr
)
->
nexthdr
=
nexthdr
[
1
];
pskb_trim
(
skb
,
skb
->
len
-
alen
-
padlen
-
2
);
pskb_trim
(
skb
,
skb
->
len
-
alen
-
padlen
-
2
);
skb
->
h
.
raw
=
skb_pull
(
skb
,
8
+
esp
->
conf
.
ivlen
);
skb
->
h
.
raw
=
skb_pull
(
skb
,
8
+
esp
->
conf
.
ivlen
);
skb
->
nh
.
raw
+=
8
+
esp
->
conf
.
ivlen
;
skb
->
nh
.
raw
+=
8
+
esp
->
conf
.
ivlen
;
...
@@ -370,7 +370,7 @@ void esp6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
...
@@ -370,7 +370,7 @@ void esp6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
int
type
,
int
code
,
int
offset
,
__u32
info
)
int
type
,
int
code
,
int
offset
,
__u32
info
)
{
{
struct
ipv6hdr
*
iph
=
(
struct
ipv6hdr
*
)
skb
->
data
;
struct
ipv6hdr
*
iph
=
(
struct
ipv6hdr
*
)
skb
->
data
;
struct
ip
_esp_hdr
*
esph
=
(
struct
ip
_esp_hdr
*
)(
skb
->
data
+
offset
);
struct
ip
v6_esp_hdr
*
esph
=
(
struct
ipv6
_esp_hdr
*
)(
skb
->
data
+
offset
);
struct
xfrm_state
*
x
;
struct
xfrm_state
*
x
;
if
(
type
!=
ICMPV6_DEST_UNREACH
||
if
(
type
!=
ICMPV6_DEST_UNREACH
||
...
@@ -416,7 +416,7 @@ int esp6_init_state(struct xfrm_state *x, void *args)
...
@@ -416,7 +416,7 @@ int esp6_init_state(struct xfrm_state *x, void *args)
if
(
x
->
aalg
->
alg_key_len
==
0
||
x
->
aalg
->
alg_key_len
>
512
)
if
(
x
->
aalg
->
alg_key_len
==
0
||
x
->
aalg
->
alg_key_len
>
512
)
goto
error
;
goto
error
;
}
}
if
(
x
->
ealg
==
NULL
||
x
->
ealg
->
alg_key_len
==
0
)
if
(
x
->
ealg
==
NULL
)
goto
error
;
goto
error
;
esp
=
kmalloc
(
sizeof
(
*
esp
),
GFP_KERNEL
);
esp
=
kmalloc
(
sizeof
(
*
esp
),
GFP_KERNEL
);
...
...
This diff is collapsed.
Click to expand it.
net/ipv6/xfrm6_input.c
View file @
a0b78018
...
@@ -186,6 +186,8 @@ int xfrm6_rcv(struct sk_buff **pskb)
...
@@ -186,6 +186,8 @@ int xfrm6_rcv(struct sk_buff **pskb)
xfrm_vec
[
xfrm_nr
++
]
=
x
;
xfrm_vec
[
xfrm_nr
++
]
=
x
;
iph
=
skb
->
nh
.
ipv6h
;
if
(
x
->
props
.
mode
)
{
/* XXX */
if
(
x
->
props
.
mode
)
{
/* XXX */
if
(
iph
->
nexthdr
!=
IPPROTO_IPV6
)
if
(
iph
->
nexthdr
!=
IPPROTO_IPV6
)
goto
drop
;
goto
drop
;
...
@@ -199,9 +201,11 @@ int xfrm6_rcv(struct sk_buff **pskb)
...
@@ -199,9 +201,11 @@ int xfrm6_rcv(struct sk_buff **pskb)
goto
drop
;
goto
drop
;
}
while
(
!
err
);
}
while
(
!
err
);
memcpy
(
skb
->
nh
.
raw
,
tmp_hdr
,
hdr_len
);
if
(
!
decaps
)
{
skb
->
nh
.
raw
[
nh_offset
]
=
nexthdr
;
memcpy
(
skb
->
nh
.
raw
,
tmp_hdr
,
hdr_len
);
skb
->
nh
.
ipv6h
->
payload_len
=
htons
(
hdr_len
+
skb
->
len
-
sizeof
(
struct
ipv6hdr
));
skb
->
nh
.
raw
[
nh_offset
]
=
nexthdr
;
skb
->
nh
.
ipv6h
->
payload_len
=
htons
(
hdr_len
+
skb
->
len
-
sizeof
(
struct
ipv6hdr
));
}
/* Allocate new secpath or COW existing one. */
/* Allocate new secpath or COW existing one. */
if
(
!
skb
->
sp
||
atomic_read
(
&
skb
->
sp
->
refcnt
)
!=
1
)
{
if
(
!
skb
->
sp
||
atomic_read
(
&
skb
->
sp
->
refcnt
)
!=
1
)
{
...
...
This diff is collapsed.
Click to expand it.
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment