korg/linux
0
0
Fork 0
mirror of https://mirrors.bfsu.edu.cn/git/linux.git synced 2024-11-24 04:34:08 +08:00
Code Issues Packages Projects Releases Wiki Activity
15f5fe9e84
linux/net/ipv6
History
Antony Antony 15f5fe9e84 xfrm: Log input direction mismatch error in one place 
Previously, the offload data path decrypted the packet before checking
the direction, leading to error logging and packet dropping. However,
dropped packets wouldn't be visible in tcpdump or audit log.

With this fix, the offload path, upon noticing SA direction mismatch,
will pass the packet to the stack without decrypting it. The L3 layer
will then log the error, audit, and drop ESP without decrypting or
decapsulating it.

This also ensures that the slow path records the error and audit log,
making dropped packets visible in tcpdump.

Fixes: 304b44f0d5 ("xfrm: Add dir validation to "in" data path lookup")
Signed-off-by: Antony Antony <antony.antony@secunet.com>
Reviewed-by: Simon Horman <horms@kernel.org>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
2024-06-17 13:53:19 +02:00
..
ila ipv6: introduce dst_rt6_info() helper 2024-04-29 13:32:01 +01:00
netfilter netfilter: use NF_DROP instead of -NF_DROP 2024-05-06 16:29:21 +02:00
addrconf_core.c ipv6: Ensure natural alignment of const ipv6 loopback and router addresses 2024-01-30 12:43:18 +01:00
addrconf.c net: ipv{6,4}: Remove the now superfluous sentinel elements from ctl_table array 2024-05-03 13:29:42 +01:00
addrlabel.c ipv6: remove RTNL protection from ip6addrlbl_dump() 2024-04-08 11:01:05 +01:00
af_inet6.c net: introduce include/net/rps.h 2024-03-07 21:12:43 -08:00
ah6.c net: fill in MODULE_DESCRIPTION()s for ipv6 modules 2024-02-09 14:12:01 -08:00
anycast.c ipv6: anycast: use call_rcu_hurry() in aca_put() 2024-05-01 11:46:21 +01:00
calipso.c netlabel: remove impossible return value in netlbl_bitmap_walk 2024-02-28 19:37:34 -08:00
datagram.c ipv6: annotate data-races around np->ucast_oif 2023-12-11 10:59:17 +00:00
esp6_offload.c xfrm: Log input direction mismatch error in one place 2024-06-17 13:53:19 +02:00
esp6.c net: esp: cleanup esp_output_tail_tcp() in case of unsupported ESPINTCP 2024-05-23 08:46:03 +02:00
exthdrs_core.c ipv6: Fix out-of-bounds access in ipv6_find_tlv() 2023-05-24 08:43:39 +01:00
exthdrs_offload.c net: gso: add HBH extension header offload support 2024-01-05 08:11:49 -08:00
exthdrs.c net: ipv6: exthdrs: get rid of ipv6_skb_net() 2024-03-11 15:15:08 -07:00
fib6_notifier.c
fib6_rules.c ipv6: fib6_rules: avoid possible NULL dereference in fib6_rule_action() 2024-05-08 18:50:53 -07:00
fou6.c
icmp.c net: ipv{6,4}: Remove the now superfluous sentinel elements from ctl_table array 2024-05-03 13:29:42 +01:00
inet6_connection_sock.c net: implement lockless SO_PRIORITY 2023-10-01 19:09:54 +01:00
inet6_hashtables.c tcp: get rid of twsk_unique() 2024-05-09 20:25:55 -07:00
ioam6_iptunnel.c netlink: make range pointers in policies const 2023-10-26 16:24:09 -07:00
ioam6.c ipv6/addrconf: annotate data-races around devconf fields (II) 2024-03-01 08:42:33 +00:00
ip6_checksum.c
ip6_fib.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2024-04-11 14:23:47 -07:00
ip6_flowlabel.c ipv6: move np->repflow to atomic flags 2023-09-15 10:33:48 +01:00
ip6_gre.c net: ip6_gre: Remove generic .ndo_get_stats64 2024-04-15 11:32:13 +01:00
ip6_icmp.c net: icmp: pass zeroed opts from icmp{,v6}_ndo_send before sending 2021-02-23 11:29:52 -08:00
ip6_input.c ipv6/addrconf: annotate data-races around devconf fields (II) 2024-03-01 08:42:33 +00:00
ip6_offload.c net: gro: move L3 flush checks to tcp_gro_receive and udp_gro_receive_segment 2024-05-13 14:44:06 -07:00
ip6_offload.h
ip6_output.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2024-05-09 10:01:01 -07:00
ip6_tunnel.c net: annotate writes on dev->mtu from ndo_change_mtu() 2024-05-07 16:19:14 -07:00
ip6_udp_tunnel.c net: fill in MODULE_DESCRIPTION()s for ipv6 modules 2024-02-09 14:12:01 -08:00
ip6_vti.c net: annotate writes on dev->mtu from ndo_change_mtu() 2024-05-07 16:19:14 -07:00
ip6mr.c ipv6: introduce dst_rt6_info() helper 2024-04-29 13:32:01 +01:00
ipcomp6.c xfrm: ipcomp: add extack to ipcomp{4,6}_init_state 2022-09-29 07:18:00 +02:00
ipv6_sockglue.c inet: Add getsockopt support for IP_ROUTER_ALERT and IPV6_ROUTER_ALERT 2024-03-06 12:37:06 +00:00
Kconfig ipv6: fix indentation of a config attribute 2023-08-16 10:03:08 +01:00
Makefile net/tcp: Introduce TCP_AO setsockopt()s 2023-10-27 10:35:44 +01:00
mcast_snoop.c net: bridge: mcast: fix broken length + header check for MRDv6 Adv. 2021-04-27 14:02:06 -07:00
mcast.c ipv6/addrconf: annotate data-races around devconf fields (II) 2024-03-01 08:42:33 +00:00
mip6.c net: fill in MODULE_DESCRIPTION()s for ipv6 modules 2024-02-09 14:12:01 -08:00
ndisc.c ipv6: introduce dst_rt6_info() helper 2024-04-29 13:32:01 +01:00
netfilter.c xfrm: pass struct net to xfrm_decode_session wrappers 2023-10-06 08:31:53 +02:00
output_core.c ipv6: annotate data-races around cnf.hop_limit 2024-03-01 08:42:31 +00:00
ping.c ipv6: introduce dst_rt6_info() helper 2024-04-29 13:32:01 +01:00
proc.c net: fix IPSTATS_MIB_OUTPKGS increment in OutForwDatagrams. 2023-10-20 12:01:00 +01:00
protocol.c
raw.c ipv6: introduce dst_rt6_info() helper 2024-04-29 13:32:01 +01:00
reassembly.c net: ipv6: fix wrong start position when receive hop-by-hop fragment 2024-05-10 10:04:06 +01:00
route.c net/ipv6: Fix route deleting failure when metric equals 0 2024-05-16 19:31:15 -07:00
rpl_iptunnel.c ipv6: rpl: Remove redundant skb_dst_drop(). 2023-07-12 17:12:29 -07:00
rpl.c ipv6: rpl: Remove pskb(_may)?_pull() in ipv6_rpl_srh_rcv(). 2023-06-19 11:32:58 -07:00
seg6_hmac.c ipv6: sr: fix memleak in seg6_hmac_init_algo 2024-05-21 13:16:25 +02:00
seg6_iptunnel.c ipv6: sr: fix missing sk_buff release in seg6_input_core 2024-05-20 11:36:34 +01:00
seg6_local.c seg6: add NEXT-C-SID support for SRv6 End.X behavior 2023-08-15 18:51:47 -07:00
seg6.c ipv6: sr: fix invalid unregister error path 2024-05-10 19:27:46 -07:00
sit.c ip_tunnel: convert __be16 tunnel flags to bitmaps 2024-04-01 10:49:28 +01:00
syncookies.c tcp: annotate data-races around tp->window_clamp 2024-04-05 22:32:37 -07:00
sysctl_net_ipv6.c net: ipv{6,4}: Remove the now superfluous sentinel elements from ctl_table array 2024-05-03 13:29:42 +01:00
tcp_ao.c net/tcp: Wire up l3index to TCP-AO 2023-10-27 10:35:46 +01:00
tcp_ipv6.c tcp: rstreason: handle timewait cases in the receive path 2024-05-13 17:33:57 -07:00
tcpv6_offload.c net: gro: use cb instead of skb->network_header 2024-05-13 14:44:06 -07:00
tunnel6.c net: fill in MODULE_DESCRIPTION()s for ipv6 modules 2024-02-09 14:12:01 -08:00
udp_impl.h tcp/udp: Call inet6_destroy_sock() in IPv6 sk->sk_destruct(). 2022-10-12 17:50:37 -07:00
udp_offload.c net: gro: fix udp bad offset in socket lookup by adding {inner_}network_offset to napi_gro_cb 2024-05-02 11:02:48 +02:00
udp.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2024-05-02 12:06:25 -07:00
udplite.c udplite: remove UDPLITE_BIT 2023-09-14 16:16:36 +02:00
xfrm6_input.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2024-05-09 10:01:01 -07:00
xfrm6_output.c ipv6: drop feature RTAX_FEATURE_ALLFRAG 2023-10-25 18:04:29 -07:00
xfrm6_policy.c net: ipv{6,4}: Remove the now superfluous sentinel elements from ctl_table array 2024-05-03 13:29:42 +01:00
xfrm6_protocol.c
xfrm6_state.c
xfrm6_tunnel.c ipsec-next-2024-03-06 2024-03-08 10:56:05 +00:00