Message-Id: <b38470c70bc7abc785b501529c08600ce55c7c65.1566395202.git.sd@queasysnail.net> Date: Wed, 21 Aug 2019 23:46:23 +0200 From: Sabrina Dubroca <sd@...asysnail.net> To: netdev@...r.kernel.org Cc: Herbert Xu <herbert@...dor.apana.org.au>, Steffen Klassert <steffen.klassert@...unet.com>, Sabrina Dubroca <sd@...asysnail.net> Subject: [PATCH ipsec-next 5/7] esp4: prepare esp_input_done2 for non-UDP encapsulation For espintcp encapsulation, we will need to get the source port from the TCP header instead of UDP. Introduce a variable to hold the port. Co-developed-by: Herbert Xu <herbert@...dor.apana.org.au> Signed-off-by: Herbert Xu <herbert@...dor.apana.org.au> Signed-off-by: Sabrina Dubroca <sd@...asysnail.net> --- net/ipv4/esp4.c | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/net/ipv4/esp4.c b/net/ipv4/esp4.c index 5c967764041f..c5d826642229 100644 --- a/net/ipv4/esp4.c +++ b/net/ipv4/esp4.c @@ -601,6 +601,18 @@ int esp_input_done2(struct sk_buff *skb, int err) if (x->encap) { struct xfrm_encap_tmpl *encap = x->encap; struct udphdr *uh = (void *)(skb_network_header(skb) + ihl); + __be16 source; + + switch (x->encap->encap_type) { + case UDP_ENCAP_ESPINUDP: + case UDP_ENCAP_ESPINUDP_NON_IKE: + source = uh->source; + break; + default: + WARN_ON_ONCE(1); + err = -EINVAL; + goto out; + } /* * 1) if the NAT-T peer's IP or port changed then @@ -609,11 +621,11 @@ int esp_input_done2(struct sk_buff *skb, int err) * SRC ports. */ if (iph->saddr != x->props.saddr.a4 || - uh->source != encap->encap_sport) { + source != encap->encap_sport) { xfrm_address_t ipaddr; ipaddr.a4 = iph->saddr; - km_new_mapping(x, &ipaddr, uh->source); + km_new_mapping(x, &ipaddr, source); /* XXX: perhaps add an extra * policy check here, to see -- 2.22.0
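Review bot: In the first hunk (esp_input_done2, inside "if (x->encap)"), the new switch reads x->encap->encap_type even though the local "encap" was assigned from x->encap two lines above it. Writing "switch (encap->encap_type)" would match the "encap->encap_sport" comparison in the second hunk. In the same hunk, "uh" is still cast to struct udphdr unconditionally before the switch. Since the commit message says the port will come from a TCP header for espintcp, moving that cast into the two UDP cases would keep a later non-UDP case from inheriting a pointer typed for the wrong header. The default branch sets err = -EINVAL and jumps to "out", a label outside the visible context, so confirm that this path propagates err and does not depend on state that is only set up after this block.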