Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec
Steffen Klassert says: ==================== pull request (net): ipsec 2020-05-29 1) Several fixes for ESP gro/gso in transport and beet mode when IPv6 extension headers are present. From Xin Long. 2) Fix a wrong comment on XFRMA_OFFLOAD_DEV. From Antony Antony. 3) Fix sk_destruct callback handling on ESP in TCP encapsulation. From Sabrina Dubroca. 4) Fix a use after free in xfrm_output_gso when used with vxlan. From Xin Long. 5) Fix secpath handling of VTI when used wiuth IPCOMP. From Xin Long. 6) Fix an oops when deleting a x-netns xfrm interface. From Nicolas Dichtel. 7) Fix a possible warning on policy updates. We had a case where it was possible to add two policies with the same lookup keys. From Xin Long. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
David S. Miller
@@ -63,10 +63,8 @@ static struct sk_buff *esp4_gro_receive(struct list_head *head,
|
||||
sp->olen++;
|
||||
|
||||
xo = xfrm_offload(skb);
|
||||
if (!xo) {
|
||||
xfrm_state_put(x);
|
||||
if (!xo)
|
||||
goto out_reset;
|
||||
}
|
||||
}
|
||||
|
||||
xo->flags |= XFRM_GRO;
|
||||
@@ -139,19 +137,27 @@ static struct sk_buff *xfrm4_beet_gso_segment(struct xfrm_state *x,
|
||||
struct xfrm_offload *xo = xfrm_offload(skb);
|
||||
struct sk_buff *segs = ERR_PTR(-EINVAL);
|
||||
const struct net_offload *ops;
|
||||
int proto = xo->proto;
|
||||
u8 proto = xo->proto;
|
||||
|
||||
skb->transport_header += x->props.header_len;
|
||||
|
||||
if (proto == IPPROTO_BEETPH) {
|
||||
struct ip_beet_phdr *ph = (struct ip_beet_phdr *)skb->data;
|
||||
if (x->sel.family != AF_INET6) {
|
||||
if (proto == IPPROTO_BEETPH) {
|
||||
struct ip_beet_phdr *ph =
|
||||
(struct ip_beet_phdr *)skb->data;
|
||||
|
||||
skb->transport_header += ph->hdrlen * 8;
|
||||
proto = ph->nexthdr;
|
||||
} else if (x->sel.family != AF_INET6) {
|
||||
skb->transport_header -= IPV4_BEET_PHMAXLEN;
|
||||
} else if (proto == IPPROTO_TCP) {
|
||||
skb_shinfo(skb)->gso_type |= SKB_GSO_TCPV4;
|
||||
skb->transport_header += ph->hdrlen * 8;
|
||||
proto = ph->nexthdr;
|
||||
} else {
|
||||
skb->transport_header -= IPV4_BEET_PHMAXLEN;
|
||||
}
|
||||
} else {
|
||||
__be16 frag;
|
||||
|
||||
skb->transport_header +=
|
||||
ipv6_skip_exthdr(skb, 0, &proto, &frag);
|
||||
if (proto == IPPROTO_TCP)
|
||||
skb_shinfo(skb)->gso_type |= SKB_GSO_TCPV4;
|
||||
}
|
||||
|
||||
__skb_pull(skb, skb_transport_offset(skb));
|
||||
|
||||
@@ -93,7 +93,28 @@ static int vti_rcv_proto(struct sk_buff *skb)
|
||||
|
||||
static int vti_rcv_tunnel(struct sk_buff *skb)
|
||||
{
|
||||
return vti_rcv(skb, ip_hdr(skb)->saddr, true);
|
||||
struct ip_tunnel_net *itn = net_generic(dev_net(skb->dev), vti_net_id);
|
||||
const struct iphdr *iph = ip_hdr(skb);
|
||||
struct ip_tunnel *tunnel;
|
||||
|
||||
tunnel = ip_tunnel_lookup(itn, skb->dev->ifindex, TUNNEL_NO_KEY,
|
||||
iph->saddr, iph->daddr, 0);
|
||||
if (tunnel) {
|
||||
struct tnl_ptk_info tpi = {
|
||||
.proto = htons(ETH_P_IP),
|
||||
};
|
||||
|
||||
if (!xfrm4_policy_check(NULL, XFRM_POLICY_IN, skb))
|
||||
goto drop;
|
||||
if (iptunnel_pull_header(skb, 0, tpi.proto, false))
|
||||
goto drop;
|
||||
return ip_tunnel_rcv(tunnel, skb, &tpi, NULL, false);
|
||||
}
|
||||
|
||||
return -EINVAL;
|
||||
drop:
|
||||
kfree_skb(skb);
|
||||
return 0;
|
||||
}
|
||||
|
||||
static int vti_rcv_cb(struct sk_buff *skb, int err)
|
||||
|
||||
Reference in New Issue
Block a user