xiaomi-sm8450/android_kernel_xiaomi_sm8450
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

ipv6: sr: remove cleanup flag and fix HMAC computation

Browse Source 
In the latest version of the IPv6 Segment Routing IETF draft [1] the
cleanup flag is removed and the flags field length is shrunk from 16 bits
to 8 bits. As a consequence, the input of the HMAC computation is modified
in a non-backward compatible way by covering the whole octet of flags
instead of only the cleanup bit. As such, if an implementation compatible
with the latest draft computes the HMAC of an SRH who has other flags set
to 1, then the HMAC result would differ from the current implementation.

This patch carries those modifications to prevent conflict with other
implementations of IPv6 SR.

[1] https://tools.ietf.org/html/draft-ietf-6man-segment-routing-header-05

Signed-off-by: David Lebrun <david.lebrun@uclouvain.be>
Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
David Lebrun
2017-02-02 11:29:38 +01:00
committed by David S. Miller
parent cafe8df8b9
commit 013e816789
3 changed files with 10 additions and 38 deletions
Download Patch File Download Diff File Expand all files Collapse all files

31
net/ipv6/exthdrs.c
View File

@@ -327,7 +327,6 @@ static int ipv6_srh_rcv(struct sk_buff *skb)
struct ipv6_sr_hdr *hdr;
struct inet6_dev *idev;
struct in6_addr *addr;
bool cleanup = false;
int accept_seg6;
hdr = (struct ipv6_sr_hdr *)skb_transport_header(skb);
@@ -351,11 +350,7 @@ static int ipv6_srh_rcv(struct sk_buff *skb)
#endif
looped_back:
if (hdr->segments_left > 0) {
if (hdr->nexthdr != NEXTHDR_IPV6 && hdr->segments_left == 1 &&
sr_has_cleanup(hdr))
cleanup = true;
} else {
if (hdr->segments_left == 0) {
if (hdr->nexthdr == NEXTHDR_IPV6) {
int offset = (hdr->hdrlen + 1) << 3;
@@ -418,21 +413,6 @@ looped_back:
ipv6_hdr(skb)->daddr = *addr;
if (cleanup) {
int srhlen = (hdr->hdrlen + 1) << 3;
int nh = hdr->nexthdr;
skb_pull_rcsum(skb, sizeof(struct ipv6hdr) + srhlen);
memmove(skb_network_header(skb) + srhlen,
skb_network_header(skb),
(unsigned char *)hdr - skb_network_header(skb));
skb->network_header += srhlen;
ipv6_hdr(skb)->nexthdr = nh;
ipv6_hdr(skb)->payload_len = htons(skb->len -
sizeof(struct ipv6hdr));
skb_push_rcsum(skb, sizeof(struct ipv6hdr));
}
skb_dst_drop(skb);
ip6_route_input(skb);
@@ -453,13 +433,8 @@ looped_back:
}
ipv6_hdr(skb)->hop_limit--;
/* be sure that srh is still present before reinjecting */
if (!cleanup) {
skb_pull(skb, sizeof(struct ipv6hdr));
goto looped_back;
}
skb_set_transport_header(skb, sizeof(struct ipv6hdr));
IP6CB(skb)->nhoff = offsetof(struct ipv6hdr, nexthdr);
skb_pull(skb, sizeof(struct ipv6hdr));
goto looped_back;
}
dst_input(skb);