mirrors/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-09-24 03:15:59 +00:00
Code Issues Releases Wiki Activity
linux-stable/net/xfrm
History
Benedict Wong c803e91600 xfrm: Ensure policies always checked on XFRM-I input path 
[ Upstream commit a287f5b0cf ]

This change adds methods in the XFRM-I input path that ensures that
policies are checked prior to processing of the subsequent decapsulated
packet, after which the relevant policies may no longer be resolvable
(due to changing src/dst/proto/etc).

Notably, raw ESP/AH packets did not perform policy checks inherently,
whereas all other encapsulated packets (UDP, TCP encapsulated) do policy
checks after calling xfrm_input handling in the respective encapsulation
layer.

Fixes: b0355dbbf1 ("Fix XFRM-I support for nested ESP tunnels")
Test: Verified with additional Android Kernel Unit tests
Test: Verified against Android CTS
Signed-off-by: Benedict Wong <benedictwong@google.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2023-06-28 11:12:28 +02:00
..
espintcp.c use less confusing names for iov_iter direction initializers 2023-02-09 11:28:04 +01:00
Kconfig xfrm/compat: Add 32=>64-bit messages translator 2020-09-24 08:53:03 +02:00
Makefile xfrm: interface: rename xfrm_interface.c to xfrm_interface_core.c 2023-06-28 11:12:28 +02:00
xfrm_algo.c xfrm: Add support for SM4 symmetric cipher algorithm 2021-12-23 09:32:51 +01:00
xfrm_compat.c xfrm/compat: prevent potential spectre v1 gadget in xfrm_xlate32_attr() 2023-02-14 19:11:42 +01:00
xfrm_device.c xfrm: replay: Fix ESN wrap around for GSO 2022-10-19 09:00:53 +02:00
xfrm_hash.c
xfrm_hash.h xfrm: add state hashtable keyed by seq 2021-05-14 13:52:01 +02:00
xfrm_inout.h xfrm: move xfrm4_extract_header to common helper 2020-05-06 09:40:08 +02:00
xfrm_input.c xfrm: Treat already-verified secpath entries as optional 2023-06-28 11:12:28 +02:00
xfrm_interface_core.c xfrm: Ensure policies always checked on XFRM-I input path 2023-06-28 11:12:28 +02:00
xfrm_ipcomp.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2022-10-03 17:44:18 -07:00
xfrm_output.c Revert "xfrm: update SA curlft.use_time" 2022-08-03 07:27:37 +02:00
xfrm_policy.c xfrm: Treat already-verified secpath entries as optional 2023-06-28 11:12:28 +02:00
xfrm_proc.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
xfrm_replay.c xfrm: replay: Fix ESN wrap around for GSO 2022-10-19 09:00:53 +02:00
xfrm_state.c xfrm: Allow transport-mode states with AF_UNSPEC selector 2023-03-22 13:33:38 +01:00
xfrm_sysctl.c
xfrm_user.c xfrm: Reject optional tunnel/BEET mode templates in outbound policies 2023-05-24 17:32:43 +01:00