| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20240805171040.GN2636630@kernel.org>
Date: Mon, 5 Aug 2024 18:10:40 +0100
From: Simon Horman <horms@...nel.org>
To: Christian Hopps <chopps@...pps.org>
Cc: devel@...ux-ipsec.org, Steffen Klassert <steffen.klassert@...unet.com>,
netdev@...r.kernel.org, Christian Hopps <chopps@...n.net>
Subject: Re: [PATCH ipsec-next v8 08/16] xfrm: iptfs: add user packet (tunnel
ingress) handling
On Sun, Aug 04, 2024 at 04:33:37PM -0400, Christian Hopps wrote:
> From: Christian Hopps <chopps@...n.net>
>
> Add tunnel packet output functionality. This is code handles
> the ingress to the tunnel.
>
> Signed-off-by: Christian Hopps <chopps@...n.net>
...
> +/**
> + * iptfs_prepare_output() - prepare the skb for output
> + * @x: xfrm state
> + * @skb: the packet
> + *
> + * Return: Error value, if 0 then skb values should be as follows:
> + * - transport_header should point at ESP header
> + * - network_header should point at Outer IP header
> + * - mac_header should point at protocol/nexthdr of the outer IP
> + */
> +static int iptfs_prepare_output(struct xfrm_state *x, struct sk_buff *skb)
> +{
> + if (x->outer_mode.family == AF_INET)
> + return iptfs_encap_add_ipv4(x, skb);
> + if (x->outer_mode.family == AF_INET6) {
> +#if IS_ENABLED(CONFIG_IPV6)
> + return iptfs_encap_add_ipv6(x, skb);
iptfs_encap_add_ipv6 is flagged as unused when IPV6 is not enabled.
Perhaps it should also be wrapped in a CONFIG_IPV6 check.
> +#else
> + WARN_ON_ONCE(1);
> + return -EAFNOSUPPORT;
> +#endif
> + }
> + WARN_ON_ONCE(1);
> + return -EOPNOTSUPP;
> +}
> +
...
Powered by blists - more mailing lists