Commit a0b78018 authored by Tom Lendacky's avatar Tom Lendacky Committed by Linus Torvalds

[IPSEC]: IPV6 AH/ESP fixes.

parent c81baf47
...@@ -199,7 +199,7 @@ int ah6_input(struct xfrm_state *x, struct sk_buff *skb) ...@@ -199,7 +199,7 @@ int ah6_input(struct xfrm_state *x, struct sk_buff *skb)
} }
} }
nexthdr = ah->nexthdr; nexthdr = ((struct ipv6hdr*)tmp_hdr)->nexthdr = ah->nexthdr;
skb->nh.raw = skb_pull(skb, (ah->hdrlen+2)<<2); skb->nh.raw = skb_pull(skb, (ah->hdrlen+2)<<2);
memcpy(skb->nh.raw, tmp_hdr, hdr_len); memcpy(skb->nh.raw, tmp_hdr, hdr_len);
skb->nh.ipv6h->payload_len = htons(skb->len - sizeof(struct ipv6hdr)); skb->nh.ipv6h->payload_len = htons(skb->len - sizeof(struct ipv6hdr));
...@@ -287,7 +287,7 @@ static int ah6_init_state(struct xfrm_state *x, void *args) ...@@ -287,7 +287,7 @@ static int ah6_init_state(struct xfrm_state *x, void *args)
x->props.header_len = XFRM_ALIGN8(ahp->icv_trunc_len + AH_HLEN_NOICV); x->props.header_len = XFRM_ALIGN8(ahp->icv_trunc_len + AH_HLEN_NOICV);
if (x->props.mode) if (x->props.mode)
x->props.header_len += 20; x->props.header_len += 40;
x->data = ahp; x->data = ahp;
return 0; return 0;
......
...@@ -108,7 +108,7 @@ int esp6_output(struct sk_buff *skb) ...@@ -108,7 +108,7 @@ int esp6_output(struct sk_buff *skb)
struct dst_entry *dst = skb->dst; struct dst_entry *dst = skb->dst;
struct xfrm_state *x = dst->xfrm; struct xfrm_state *x = dst->xfrm;
struct ipv6hdr *iph = NULL, *top_iph; struct ipv6hdr *iph = NULL, *top_iph;
struct ip_esp_hdr *esph; struct ipv6_esp_hdr *esph;
struct crypto_tfm *tfm; struct crypto_tfm *tfm;
struct esp_data *esp; struct esp_data *esp;
struct sk_buff *trailer; struct sk_buff *trailer;
...@@ -154,7 +154,7 @@ int esp6_output(struct sk_buff *skb) ...@@ -154,7 +154,7 @@ int esp6_output(struct sk_buff *skb)
esp = x->data; esp = x->data;
alen = esp->auth.icv_trunc_len; alen = esp->auth.icv_trunc_len;
tfm = esp->conf.tfm; tfm = esp->conf.tfm;
blksize = crypto_tfm_alg_blocksize(tfm); blksize = (crypto_tfm_alg_blocksize(tfm) + 3) & ~3;
clen = (clen + 2 + blksize-1)&~(blksize-1); clen = (clen + 2 + blksize-1)&~(blksize-1);
if (esp->conf.padlen) if (esp->conf.padlen)
clen = (clen + esp->conf.padlen-1)&~(esp->conf.padlen-1); clen = (clen + esp->conf.padlen-1)&~(esp->conf.padlen-1);
...@@ -176,7 +176,7 @@ int esp6_output(struct sk_buff *skb) ...@@ -176,7 +176,7 @@ int esp6_output(struct sk_buff *skb)
if (x->props.mode) { if (x->props.mode) {
iph = skb->nh.ipv6h; iph = skb->nh.ipv6h;
top_iph = (struct ipv6hdr*)skb_push(skb, x->props.header_len); top_iph = (struct ipv6hdr*)skb_push(skb, x->props.header_len);
esph = (struct ip_esp_hdr*)(top_iph+1); esph = (struct ipv6_esp_hdr*)(top_iph+1);
*(u8*)(trailer->tail - 1) = IPPROTO_IPV6; *(u8*)(trailer->tail - 1) = IPPROTO_IPV6;
top_iph->version = 6; top_iph->version = 6;
top_iph->priority = iph->priority; top_iph->priority = iph->priority;
...@@ -184,13 +184,13 @@ int esp6_output(struct sk_buff *skb) ...@@ -184,13 +184,13 @@ int esp6_output(struct sk_buff *skb)
top_iph->flow_lbl[1] = iph->flow_lbl[1]; top_iph->flow_lbl[1] = iph->flow_lbl[1];
top_iph->flow_lbl[2] = iph->flow_lbl[2]; top_iph->flow_lbl[2] = iph->flow_lbl[2];
top_iph->nexthdr = IPPROTO_ESP; top_iph->nexthdr = IPPROTO_ESP;
top_iph->payload_len = htons(skb->len + alen); top_iph->payload_len = htons(skb->len + alen - sizeof(struct ipv6hdr));
top_iph->hop_limit = iph->hop_limit; top_iph->hop_limit = iph->hop_limit;
memcpy(&top_iph->saddr, (struct in6_addr *)&x->props.saddr, sizeof(struct ipv6hdr)); memcpy(&top_iph->saddr, (struct in6_addr *)&x->props.saddr, sizeof(struct in6_addr));
memcpy(&top_iph->daddr, (struct in6_addr *)&x->id.daddr, sizeof(struct ipv6hdr)); memcpy(&top_iph->daddr, (struct in6_addr *)&x->id.daddr, sizeof(struct in6_addr));
} else { } else {
/* XXX exthdr */ /* XXX exthdr */
esph = (struct ip_esp_hdr*)skb_push(skb, x->props.header_len); esph = (struct ipv6_esp_hdr*)skb_push(skb, x->props.header_len);
skb->h.raw = (unsigned char*)esph; skb->h.raw = (unsigned char*)esph;
top_iph = (struct ipv6hdr*)skb_push(skb, hdr_len); top_iph = (struct ipv6hdr*)skb_push(skb, hdr_len);
memcpy(top_iph, iph, hdr_len); memcpy(top_iph, iph, hdr_len);
...@@ -257,7 +257,7 @@ int esp6_output(struct sk_buff *skb) ...@@ -257,7 +257,7 @@ int esp6_output(struct sk_buff *skb)
int esp6_input(struct xfrm_state *x, struct sk_buff *skb) int esp6_input(struct xfrm_state *x, struct sk_buff *skb)
{ {
struct ipv6hdr *iph; struct ipv6hdr *iph;
struct ip_esp_hdr *esph; struct ipv6_esp_hdr *esph;
struct esp_data *esp = x->data; struct esp_data *esp = x->data;
struct sk_buff *trailer; struct sk_buff *trailer;
int blksize = crypto_tfm_alg_blocksize(esp->conf.tfm); int blksize = crypto_tfm_alg_blocksize(esp->conf.tfm);
...@@ -269,7 +269,7 @@ int esp6_input(struct xfrm_state *x, struct sk_buff *skb) ...@@ -269,7 +269,7 @@ int esp6_input(struct xfrm_state *x, struct sk_buff *skb)
u8 ret_nexthdr = 0; u8 ret_nexthdr = 0;
unsigned char *tmp_hdr = NULL; unsigned char *tmp_hdr = NULL;
if (!pskb_may_pull(skb, sizeof(struct ip_esp_hdr))) if (!pskb_may_pull(skb, sizeof(struct ipv6_esp_hdr)))
goto out; goto out;
if (elen <= 0 || (elen & (blksize-1))) if (elen <= 0 || (elen & (blksize-1)))
...@@ -301,7 +301,7 @@ int esp6_input(struct xfrm_state *x, struct sk_buff *skb) ...@@ -301,7 +301,7 @@ int esp6_input(struct xfrm_state *x, struct sk_buff *skb)
skb->ip_summed = CHECKSUM_NONE; skb->ip_summed = CHECKSUM_NONE;
esph = (struct ip_esp_hdr*)skb->data; esph = (struct ipv6_esp_hdr*)skb->data;
iph = skb->nh.ipv6h; iph = skb->nh.ipv6h;
/* Get ivec. This can be wrong, check against another impls. */ /* Get ivec. This can be wrong, check against another impls. */
...@@ -336,7 +336,7 @@ int esp6_input(struct xfrm_state *x, struct sk_buff *skb) ...@@ -336,7 +336,7 @@ int esp6_input(struct xfrm_state *x, struct sk_buff *skb)
} }
/* ... check padding bits here. Silly. :-) */ /* ... check padding bits here. Silly. :-) */
ret_nexthdr = nexthdr[1]; ret_nexthdr = ((struct ipv6hdr*)tmp_hdr)->nexthdr = nexthdr[1];
pskb_trim(skb, skb->len - alen - padlen - 2); pskb_trim(skb, skb->len - alen - padlen - 2);
skb->h.raw = skb_pull(skb, 8 + esp->conf.ivlen); skb->h.raw = skb_pull(skb, 8 + esp->conf.ivlen);
skb->nh.raw += 8 + esp->conf.ivlen; skb->nh.raw += 8 + esp->conf.ivlen;
...@@ -370,7 +370,7 @@ void esp6_err(struct sk_buff *skb, struct inet6_skb_parm *opt, ...@@ -370,7 +370,7 @@ void esp6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
int type, int code, int offset, __u32 info) int type, int code, int offset, __u32 info)
{ {
struct ipv6hdr *iph = (struct ipv6hdr*)skb->data; struct ipv6hdr *iph = (struct ipv6hdr*)skb->data;
struct ip_esp_hdr *esph = (struct ip_esp_hdr*)(skb->data+offset); struct ipv6_esp_hdr *esph = (struct ipv6_esp_hdr*)(skb->data+offset);
struct xfrm_state *x; struct xfrm_state *x;
if (type != ICMPV6_DEST_UNREACH || if (type != ICMPV6_DEST_UNREACH ||
...@@ -416,7 +416,7 @@ int esp6_init_state(struct xfrm_state *x, void *args) ...@@ -416,7 +416,7 @@ int esp6_init_state(struct xfrm_state *x, void *args)
if (x->aalg->alg_key_len == 0 || x->aalg->alg_key_len > 512) if (x->aalg->alg_key_len == 0 || x->aalg->alg_key_len > 512)
goto error; goto error;
} }
if (x->ealg == NULL || x->ealg->alg_key_len == 0) if (x->ealg == NULL)
goto error; goto error;
esp = kmalloc(sizeof(*esp), GFP_KERNEL); esp = kmalloc(sizeof(*esp), GFP_KERNEL);
......
...@@ -186,6 +186,8 @@ int xfrm6_rcv(struct sk_buff **pskb) ...@@ -186,6 +186,8 @@ int xfrm6_rcv(struct sk_buff **pskb)
xfrm_vec[xfrm_nr++] = x; xfrm_vec[xfrm_nr++] = x;
iph = skb->nh.ipv6h;
if (x->props.mode) { /* XXX */ if (x->props.mode) { /* XXX */
if (iph->nexthdr != IPPROTO_IPV6) if (iph->nexthdr != IPPROTO_IPV6)
goto drop; goto drop;
...@@ -199,9 +201,11 @@ int xfrm6_rcv(struct sk_buff **pskb) ...@@ -199,9 +201,11 @@ int xfrm6_rcv(struct sk_buff **pskb)
goto drop; goto drop;
} while (!err); } while (!err);
if (!decaps) {
memcpy(skb->nh.raw, tmp_hdr, hdr_len); memcpy(skb->nh.raw, tmp_hdr, hdr_len);
skb->nh.raw[nh_offset] = nexthdr; skb->nh.raw[nh_offset] = nexthdr;
skb->nh.ipv6h->payload_len = htons(hdr_len + skb->len - sizeof(struct ipv6hdr)); skb->nh.ipv6h->payload_len = htons(hdr_len + skb->len - sizeof(struct ipv6hdr));
}
/* Allocate new secpath or COW existing one. */ /* Allocate new secpath or COW existing one. */
if (!skb->sp || atomic_read(&skb->sp->refcnt) != 1) { if (!skb->sp || atomic_read(&skb->sp->refcnt) != 1) {
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment