http://kerneltrap.org/mailarchive/linux-netdev/2008/7/3/2335584/thread[PATCH] xfrm: Fix inter family IPsec tunnel handling againPrevious thread: [PATCH]
xfrm: Fix possible error pointer dereference by Steffen
Klassert on Thursday, July 3, 2008 - 4:48 am. (3 messages)
Next thread: none To: David Miller <[EMAIL PROTECTED]>,
Herbert Xu <[EMAIL PROTECTED]>
Date: Thursday, July 3, 2008 - 4:55 am
Move the selector family initialization behind the check for AF_UNSPEC
and call xfrm_ip2inner_mode() in any case. So the selector family is
intitalized in any case and we can choose for the right inner_mode.
Also check for IPPROTO_IPIP and IPPROTO_IPV6 in xfrm{4,6}_mode_tunnel_input()
to remove the right header.
Signed-off-by: Steffen Klassert <[EMAIL PROTECTED]>
---
net/ipv4/xfrm4_mode_tunnel.c | 20 +++++++++++++++-----
net/ipv6/xfrm6_mode_tunnel.c | 14 +++++++++++---
net/xfrm/xfrm_input.c | 19 ++++---------------
net/xfrm/xfrm_state.c | 2 ++
net/xfrm/xfrm_user.c | 4 ----
5 files changed, 32 insertions(+), 27 deletions(-)
diff --git a/net/ipv4/xfrm4_mode_tunnel.c b/net/ipv4/xfrm4_mode_tunnel.c
index 7135279..5fabea3 100644
--- a/net/ipv4/xfrm4_mode_tunnel.c
+++ b/net/ipv4/xfrm4_mode_tunnel.c
@@ -68,11 +68,21 @@ static int xfrm4_mode_tunnel_input(struct xfrm_state *x, struct sk_buff *skb)
const unsigned char *old_mac;
int err = -EINVAL;
- if (XFRM_MODE_SKB_CB(skb)->protocol != IPPROTO_IPIP)
- goto out;
-
- if (!pskb_may_pull(skb, sizeof(struct iphdr)))
- goto out;
+ switch (XFRM_MODE_SKB_CB(skb)->protocol) {
+ case IPPROTO_IPIP:
+ if (!pskb_may_pull(skb, sizeof(struct iphdr)))
+ goto out;
+ break;
+#if defined(CONFIG_IPV6) || defined (CONFIG_IPV6_MODULE)
+ case IPPROTO_IPV6:
+ if (!pskb_may_pull(skb, sizeof(struct ipv6hdr)))
+ goto out;
+ break;
+#endif
+ default:
+ goto out;
+ }
+
if (skb_cloned(skb) &&
(err = pskb_expand_head(skb, 0, 0, GFP_ATOMIC)))
diff --git a/net/ipv6/xfrm6_mode_tunnel.c b/net/ipv6/xfrm6_mode_tunnel.c
index e20529b..440f064 100644
--- a/net/ipv6/xfrm6_mode_tunnel.c
+++ b/net/ipv6/xfrm6_mode_tunnel.c
@@ -63,10 +63,18 @@ static int xfrm6_mode_tunnel_input(struct xfrm_state *x, struct sk_buff *skb)
int er...
To: Steffen Klassert
<[EMAIL PROTECTED]>
Date: Thursday, July 3, 2008 - 5:05 am
This is supposed to use protocol-agnostic data so why do you need the ifdef? Cheers, -- Visit Openswan at http://www.openswan.org/ Email: Herbert Xu ~{PmV>HI~} <[EMAIL PROTECTED]> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt -- To: Herbert Xu <[EMAIL PROTECTED]>
Date: Thursday, July 3, 2008 - 5:18 am
Well, I added the ifdef because it was there in the 2.6.24 code, I could remove it and resend if you agree with the rest of the patch. Steffen -- To: Steffen Klassert
<[EMAIL PROTECTED]>
Date: Thursday, July 3, 2008 - 5:53 am
You missed my point. The fact that you're testing for IPv6 at all is the bit that requires explanation. Cheers, -- Visit Openswan at http://www.openswan.org/ Email: Herbert Xu ~{PmV>HI~} <[EMAIL PROTECTED]> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt -- To: Herbert Xu <[EMAIL PROTECTED]>
Date: Thursday, July 3, 2008 - 7:22 am
At one point when I tried to find out why the inter family tunnels don't work I thought that I can't be sure which header I have to remove. I double checked this and in fact the test for IPV6 is not necessary. I will send an updated patch. Steffen -- |
http://kerneltrap.org/mailarchive/linux-netdev/2008/7/3/2335584/thread[PATCH] xfrm: Fix inter family IPsec tunnel handling againPrevious thread: [PATCH]
xfrm: Fix possible error pointer dereference by Steffen
Klassert on Thursday, July 3, 2008 - 4:48 am. (3 messages)
Next thread: none |
