korg/linux
0
0
Fork 0
mirror of https://mirrors.bfsu.edu.cn/git/linux.git synced 2025-01-09 15:24:32 +08:00
Code Issues Packages Projects Releases Wiki Activity
3af06a8502
linux/net/xfrm
History
Benedict Wong 3229a29e95 xfrm: Ensure policies always checked on XFRM-I input path 
[ Upstream commit a287f5b0cf ]

This change adds methods in the XFRM-I input path that ensures that
policies are checked prior to processing of the subsequent decapsulated
packet, after which the relevant policies may no longer be resolvable
(due to changing src/dst/proto/etc).

Notably, raw ESP/AH packets did not perform policy checks inherently,
whereas all other encapsulated packets (UDP, TCP encapsulated) do policy
checks after calling xfrm_input handling in the respective encapsulation
layer.

Fixes: b0355dbbf1 ("Fix XFRM-I support for nested ESP tunnels")
Test: Verified with additional Android Kernel Unit tests
Test: Verified against Android CTS
Signed-off-by: Benedict Wong <benedictwong@google.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2023-06-28 10:29:45 +02:00
..
espintcp.c net: Fix data-races around netdev_max_backlog. 2022-08-31 17:16:42 +02:00
Kconfig xfrm/compat: Add 32=>64-bit messages translator 2020-09-24 08:53:03 +02:00
Makefile xfrm: interface: rename xfrm_interface.c to xfrm_interface_core.c 2023-06-28 10:29:45 +02:00
xfrm_algo.c crypto: skcipher - remove the "blkcipher" algorithm type 2019-11-01 13:38:32 +08:00
xfrm_compat.c xfrm/compat: prevent potential spectre v1 gadget in xfrm_xlate32_attr() 2023-02-14 19:17:58 +01:00
xfrm_device.c xfrm: replay: Fix ESN wrap around for GSO 2022-12-02 17:41:02 +01:00
xfrm_hash.c mm: remove include/linux/bootmem.h 2018-10-31 08:54:16 -07:00
xfrm_hash.h xfrm: add state hashtable keyed by seq 2021-05-14 13:52:01 +02:00
xfrm_inout.h xfrm: move xfrm4_extract_header to common helper 2020-05-06 09:40:08 +02:00
xfrm_input.c xfrm: Treat already-verified secpath entries as optional 2023-06-28 10:29:45 +02:00
xfrm_interface_core.c xfrm: Ensure policies always checked on XFRM-I input path 2023-06-28 10:29:45 +02:00
xfrm_ipcomp.c xfrm: Update ipcomp_scratches with NULL when freed 2022-10-26 12:35:34 +02:00
xfrm_output.c net/xfrm: IPsec tunnel mode fix inner_ipproto setting in sec_path 2022-01-27 11:03:49 +01:00
xfrm_policy.c xfrm: Treat already-verified secpath entries as optional 2023-06-28 10:29:45 +02:00
xfrm_proc.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
xfrm_replay.c xfrm: replay: Fix ESN wrap around for GSO 2022-12-02 17:41:02 +01:00
xfrm_state.c xfrm: Allow transport-mode states with AF_UNSPEC selector 2023-03-22 13:31:22 +01:00
xfrm_sysctl.c
xfrm_user.c xfrm: Zero padding when dumping algos and encap 2023-04-05 11:24:52 +02:00