mirrors/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-09-27 12:57:53 +00:00
Code Issues Releases Wiki Activity
No description
1247936 commits 105 branches 5097 tags 5.6 GiB
C 97.6%
Assembly 1%
Shell 0.5%
Python 0.3%
Makefile 0.3%
Find a file
Antony Antony 63b21caba1 xfrm: introduce forwarding of ICMP Error messages 
This commit aligns with RFC 4301, Section 6, and addresses the
requirement to forward unauthenticated ICMP error messages that do not
match any xfrm policies. It utilizes the ICMP payload as an skb and
performs a reverse lookup. If a policy match is found, forward
the packet.

The ICMP payload typically contains a partial IP packet that is likely
responsible for the error message.

The following error types will be forwarded:
- IPv4 ICMP error types: ICMP_DEST_UNREACH & ICMP_TIME_EXCEEDED
- IPv6 ICMPv6 error types: ICMPV6_DEST_UNREACH, ICMPV6_PKT_TOOBIG,
			   ICMPV6_TIME_EXCEED

To implement this feature, a reverse lookup has been added to the xfrm
forward path, making use of the ICMP payload as the skb.

To enable this functionality from user space, the XFRM_POLICY_ICMP flag
should be added to the outgoing and forward policies, and the
XFRM_STATE_ICMP flag should be set on incoming states.

e.g.
ip xfrm policy add flag icmp tmpl

ip xfrm policy
src 192.0.2.0/24 dst 192.0.1.0/25
	dir out priority 2084302 ptype main flag icmp

ip xfrm state add ...flag icmp

ip xfrm state
root@west:~#ip x s
src 192.1.2.23 dst 192.1.2.45
	proto esp spi 0xa7b76872 reqid 16389 mode tunnel
	replay-window 32 flag icmp af-unspec

Changes since v5:
- fix return values bool->int, feedback from Steffen

Changes since v4:
- split the series to only ICMP erorr forwarding

Changes since v3: no code chage
 - add missing white spaces detected by checkpatch.pl

Changes since v2: reviewed by Steffen Klassert
 - user consume_skb instead of kfree_skb for the inner skb
 - fixed newskb leaks in error paths
 - free the newskb once inner flow is decoded with change due to
   commit 7a0207094f ("xfrm: policy: replace session decode with flow dissector")
 - if xfrm_decode_session_reverse() on inner payload fails ignore.
   do not increment error counter

Changes since v1:
- Move IPv6 variable declaration inside IS_ENABLED(CONFIG_IPV6)

Changes since RFC:
- Fix calculation of ICMPv6 header length

Signed-off-by: Antony Antony <antony.antony@secunet.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
2024-01-25 08:41:44 +01:00
arch RTC for 6.8 2024-01-18 17:25:39 -08:00
block for-6.8/block-2024-01-08 2024-01-11 13:58:04 -08:00
certs This update includes the following changes: 2023-11-02 16:15:30 -10:00
crypto crypto: scomp - fix req->dst buffer overflow 2023-12-29 11:25:56 +08:00
Documentation This cycle, I2C removes the currently unused CLASS_DDC support 2024-01-18 17:29:01 -08:00
drivers Revert "net: ethernet: qualcomm: Remove QDF24xx support" 2024-01-24 09:43:34 -08:00
fs More eventfs fixes and a seq_buf fix for 6.8: 2024-01-18 14:45:33 -08:00
include net/ipv6: resolve warning in ip6_fib.c 2024-01-23 17:22:23 -08:00
init Driver core changes for 6.8-rc1 2024-01-18 09:48:40 -08:00
io_uring Generic: 2024-01-17 13:03:37 -08:00
ipc shm: Slim down dependencies 2023-12-20 19:26:31 -05:00
kernel Including fixes from bpf and netfilter. 2024-01-18 17:33:50 -08:00
lib cxl for v6.8 2024-01-18 16:22:43 -08:00
LICENSES LICENSES: Add the copyleft-next-0.3.1 license 2022-11-08 15:44:01 +01:00
mm memblock: code readability improvement 2024-01-18 16:46:18 -08:00
net xfrm: introduce forwarding of ICMP Error messages 2024-01-25 08:41:44 +01:00
rust Rust changes for v6.8 2024-01-11 13:05:41 -08:00
samples tracing updates for 6.8: 2024-01-18 14:35:29 -08:00
scripts Char/Misc and other Driver changes for 6.8-rc1 2024-01-17 16:47:17 -08:00
security misc cleanups (the part that hadn't been picked by individual fs trees) 2024-01-11 20:23:50 -08:00
sound This cycle, I2C removes the currently unused CLASS_DDC support 2024-01-18 17:29:01 -08:00
tools vsock/test: add '--peer-port' input argument 2024-01-24 17:47:35 -08:00
usr usr/Kconfig: fix typos of "its" 2023-12-20 15:02:58 -08:00
virt Generic: 2024-01-17 13:03:37 -08:00
.clang-format clang-format: Update with v6.7-rc4's for_each macro list 2023-12-08 23:54:38 +01:00
.cocciconfig
.get_maintainer.ignore
.gitattributes .gitattributes: set diff driver for Rust source code files 2023-05-31 17:48:25 +02:00
.gitignore kbuild: rpm-pkg: generate kernel.spec in rpmbuild/SPECS/ 2023-10-03 20:49:09 +09:00
.mailmap Char/Misc and other Driver changes for 6.8-rc1 2024-01-17 16:47:17 -08:00
.rustfmt.toml
COPYING
CREDITS Including fixes from bpf and netfilter. 2024-01-18 17:33:50 -08:00
Kbuild Kbuild updates for v6.1 2022-10-10 12:00:45 -07:00
Kconfig
MAINTAINERS Including fixes from bpf and netfilter. 2024-01-18 17:33:50 -08:00
Makefile Quite a lot of kexec work this time around. Many singleton patches in 2024-01-09 11:46:20 -08:00
README

README 

Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.