| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 17 Mar 2019 23:37:57 +0000
From: Bram Yvahk <bram-yvahk@...l.wizbit.be>
To: steffen.klassert@...unet.com, herbert@...dor.apana.org.au,
davem@...emloft.net
Cc: netdev@...r.kernel.org
Subject: [PATCH ipsec/vti 2/2] vti6: process icmp msg when IPv6 is fragmented
In the error function the 'nexthdr' of the (original) IPv6 header
was used to check for which protocol it was.
When the (original) IPv6 packet is fragmented however then nexthdr
is set to 'NEXTHDR_FRAGMENT' and this causes the code to return
early and not process the ICMP error.
Signed-off-by: Bram Yvahk <bram-yvahk@...l.wizbit.be>
---
net/ipv6/ip6_vti.c | 27 ++++++++++++++++++++++-----
1 file changed, 22 insertions(+), 5 deletions(-)
diff --git a/net/ipv6/ip6_vti.c b/net/ipv6/ip6_vti.c
index 47f178c..9582ffd 100644
--- a/net/ipv6/ip6_vti.c
+++ b/net/ipv6/ip6_vti.c
@@ -590,7 +590,7 @@ vti6_tnl_xmit(struct sk_buff *skb, struct net_device *dev)
}
static int vti6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
- u8 type, u8 code, int offset, __be32 info)
+ u8 type, u8 code, int offset, __be32 info, int protocol)
{
__be32 spi;
__u32 mark;
@@ -601,7 +601,6 @@ static int vti6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
struct ip_comp_hdr *ipch;
struct net *net = dev_net(skb->dev);
const struct ipv6hdr *iph = (const struct ipv6hdr *)skb->data;
- int protocol = iph->nexthdr;
t = vti6_tnl_lookup(dev_net(skb->dev), &iph->daddr, &iph->saddr);
if (!t)
@@ -645,6 +644,24 @@ static int vti6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
return 0;
}
+static int vti6_esp_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
+ u8 type, u8 code, int offset, __be32 info)
+{
+ return vti6_err(skb, opt, type, code, offset, info, IPPROTO_ESP);
+}
+
+static int vti6_ah_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
+ u8 type, u8 code, int offset, __be32 info)
+{
+ return vti6_err(skb, opt, type, code, offset, info, IPPROTO_AH);
+}
+
+static int vti6_ipcomp_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
+ u8 type, u8 code, int offset, __be32 info)
+{
+ return vti6_err(skb, opt, type, code, offset, info, IPPROTO_COMP);
+}
+
static void vti6_link_config(struct ip6_tnl *t, bool keep_mtu)
{
struct net_device *dev = t->dev;
@@ -1189,21 +1206,21 @@ static struct pernet_operations vti6_net_ops = {
static struct xfrm6_protocol vti_esp6_protocol __read_mostly = {
.handler = vti6_rcv,
.cb_handler = vti6_rcv_cb,
- .err_handler = vti6_err,
+ .err_handler = vti6_esp_err,
.priority = 100,
};
static struct xfrm6_protocol vti_ah6_protocol __read_mostly = {
.handler = vti6_rcv,
.cb_handler = vti6_rcv_cb,
- .err_handler = vti6_err,
+ .err_handler = vti6_ah_err,
.priority = 100,
};
static struct xfrm6_protocol vti_ipcomp6_protocol __read_mostly = {
.handler = vti6_rcv,
.cb_handler = vti6_rcv_cb,
- .err_handler = vti6_err,
+ .err_handler = vti6_ipcomp_err,
.priority = 100,
};
--
2.7.0
Powered by blists - more mailing lists