udpencap: Remove Obsolete UDP_ENCAP_ESPINUDP_NON_IKE Support
The UDP_ENCAP_ESPINUDP_NON_IKE mode, introduced into the Linux kernel in 2004 [2], has remained inactive and obsolete for an extended period. This mode was originally defined in an early version of an IETF draft [1] from 2001. By the time it was integrated into the kernel in 2004 [2], it had already been replaced by UDP_ENCAP_ESPINUDP [3] in later versions of draft-ietf-ipsec-udp-encaps, particularly in version 06. Over time, UDP_ENCAP_ESPINUDP_NON_IKE has lost its relevance, with no known use cases. With this commit, we remove support for UDP_ENCAP_ESPINUDP_NON_IKE, simplifying the codebase and eliminating unnecessary complexity. Kernel will return an error -ENOPROTOOPT if the userspace tries to set this option. References: [1] https://datatracker.ietf.org/doc/html/draft-ietf-ipsec-udp-encaps-00.txt [2] Commit that added UDP_ENCAP_ESPINUDP_NON_IKE to the Linux historic repository. Author: Andreas Gruenbacher <agruen@suse.de> Date: Fri Apr 9 01:47:47 2004 -0700 [IPSEC]: Support draft-ietf-ipsec-udp-encaps-00/01, some ipec impls need it. [3] Commit that added UDP_ENCAP_ESPINUDP to the Linux historic repository. Author: Derek Atkins <derek@ihtfp.com> Date: Wed Apr 2 13:21:02 2003 -0800 [IPSEC]: Implement UDP Encapsulation framework. Signed-off-by: Antony Antony <antony.antony@secunet.com> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
This commit is contained in:
Antony Antony
Steffen Klassert
parent
267e31750a
commit
aeb48a428d
@ -36,7 +36,7 @@ struct udphdr {
|
||||
#define UDP_GRO 104 /* This socket can receive UDP GRO packets */
|
||||
|
||||
/* UDP encapsulation types */
|
||||
#define UDP_ENCAP_ESPINUDP_NON_IKE 1 /* draft-ietf-ipsec-nat-t-ike-00/01 */
|
||||
#define UDP_ENCAP_ESPINUDP_NON_IKE 1 /* unused draft-ietf-ipsec-nat-t-ike-00/01 */
|
||||
#define UDP_ENCAP_ESPINUDP 2 /* draft-ietf-ipsec-udp-encaps-06 */
|
||||
#define UDP_ENCAP_L2TPINUDP 3 /* rfc2661 */
|
||||
#define UDP_ENCAP_GTP0 4 /* GSM TS 09.60 */
|
||||
|
||||
@ -347,7 +347,6 @@ static struct ip_esp_hdr *esp_output_udp_encap(struct sk_buff *skb,
|
||||
__be16 dport)
|
||||
{
|
||||
struct udphdr *uh;
|
||||
__be32 *udpdata32;
|
||||
unsigned int len;
|
||||
|
||||
len = skb->len + esp->tailen - skb_transport_offset(skb);
|
||||
@ -362,12 +361,6 @@ static struct ip_esp_hdr *esp_output_udp_encap(struct sk_buff *skb,
|
||||
|
||||
*skb_mac_header(skb) = IPPROTO_UDP;
|
||||
|
||||
if (encap_type == UDP_ENCAP_ESPINUDP_NON_IKE) {
|
||||
udpdata32 = (__be32 *)(uh + 1);
|
||||
udpdata32[0] = udpdata32[1] = 0;
|
||||
return (struct ip_esp_hdr *)(udpdata32 + 2);
|
||||
}
|
||||
|
||||
return (struct ip_esp_hdr *)(uh + 1);
|
||||
}
|
||||
|
||||
@ -423,7 +416,6 @@ static int esp_output_encap(struct xfrm_state *x, struct sk_buff *skb,
|
||||
switch (encap_type) {
|
||||
default:
|
||||
case UDP_ENCAP_ESPINUDP:
|
||||
case UDP_ENCAP_ESPINUDP_NON_IKE:
|
||||
esph = esp_output_udp_encap(skb, encap_type, esp, sport, dport);
|
||||
break;
|
||||
case TCP_ENCAP_ESPINTCP:
|
||||
@ -775,7 +767,6 @@ int esp_input_done2(struct sk_buff *skb, int err)
|
||||
source = th->source;
|
||||
break;
|
||||
case UDP_ENCAP_ESPINUDP:
|
||||
case UDP_ENCAP_ESPINUDP_NON_IKE:
|
||||
source = uh->source;
|
||||
break;
|
||||
default:
|
||||
@ -1179,9 +1170,6 @@ static int esp_init_state(struct xfrm_state *x, struct netlink_ext_ack *extack)
|
||||
case UDP_ENCAP_ESPINUDP:
|
||||
x->props.header_len += sizeof(struct udphdr);
|
||||
break;
|
||||
case UDP_ENCAP_ESPINUDP_NON_IKE:
|
||||
x->props.header_len += sizeof(struct udphdr) + 2 * sizeof(u32);
|
||||
break;
|
||||
#ifdef CONFIG_INET_ESPINTCP
|
||||
case TCP_ENCAP_ESPINTCP:
|
||||
/* only the length field, TCP encap is done by
|
||||
|
||||
@ -2699,8 +2699,6 @@ int udp_lib_setsockopt(struct sock *sk, int level, int optname,
|
||||
#ifdef CONFIG_XFRM
|
||||
case UDP_ENCAP_ESPINUDP:
|
||||
set_xfrm_gro_udp_encap_rcv(val, sk->sk_family, sk);
|
||||
fallthrough;
|
||||
case UDP_ENCAP_ESPINUDP_NON_IKE:
|
||||
#if IS_ENABLED(CONFIG_IPV6)
|
||||
if (sk->sk_family == AF_INET6)
|
||||
WRITE_ONCE(up->encap_rcv,
|
||||
|
||||
@ -113,19 +113,6 @@ static int __xfrm4_udp_encap_rcv(struct sock *sk, struct sk_buff *skb, bool pull
|
||||
/* Must be an IKE packet.. pass it through */
|
||||
return 1;
|
||||
break;
|
||||
case UDP_ENCAP_ESPINUDP_NON_IKE:
|
||||
/* Check if this is a keepalive packet. If so, eat it. */
|
||||
if (len == 1 && udpdata[0] == 0xff) {
|
||||
return -EINVAL;
|
||||
} else if (len > 2 * sizeof(u32) + sizeof(struct ip_esp_hdr) &&
|
||||
udpdata32[0] == 0 && udpdata32[1] == 0) {
|
||||
|
||||
/* ESP Packet with Non-IKE marker */
|
||||
len = sizeof(struct udphdr) + 2 * sizeof(u32);
|
||||
} else
|
||||
/* Must be an IKE packet.. pass it through */
|
||||
return 1;
|
||||
break;
|
||||
}
|
||||
|
||||
/* At this point we are sure that this is an ESPinUDP packet,
|
||||
|
||||
@ -383,7 +383,6 @@ static struct ip_esp_hdr *esp6_output_udp_encap(struct sk_buff *skb,
|
||||
__be16 dport)
|
||||
{
|
||||
struct udphdr *uh;
|
||||
__be32 *udpdata32;
|
||||
unsigned int len;
|
||||
|
||||
len = skb->len + esp->tailen - skb_transport_offset(skb);
|
||||
@ -398,12 +397,6 @@ static struct ip_esp_hdr *esp6_output_udp_encap(struct sk_buff *skb,
|
||||
|
||||
*skb_mac_header(skb) = IPPROTO_UDP;
|
||||
|
||||
if (encap_type == UDP_ENCAP_ESPINUDP_NON_IKE) {
|
||||
udpdata32 = (__be32 *)(uh + 1);
|
||||
udpdata32[0] = udpdata32[1] = 0;
|
||||
return (struct ip_esp_hdr *)(udpdata32 + 2);
|
||||
}
|
||||
|
||||
return (struct ip_esp_hdr *)(uh + 1);
|
||||
}
|
||||
|
||||
@ -459,7 +452,6 @@ static int esp6_output_encap(struct xfrm_state *x, struct sk_buff *skb,
|
||||
switch (encap_type) {
|
||||
default:
|
||||
case UDP_ENCAP_ESPINUDP:
|
||||
case UDP_ENCAP_ESPINUDP_NON_IKE:
|
||||
esph = esp6_output_udp_encap(skb, encap_type, esp, sport, dport);
|
||||
break;
|
||||
case TCP_ENCAP_ESPINTCP:
|
||||
@ -822,7 +814,6 @@ int esp6_input_done2(struct sk_buff *skb, int err)
|
||||
source = th->source;
|
||||
break;
|
||||
case UDP_ENCAP_ESPINUDP:
|
||||
case UDP_ENCAP_ESPINUDP_NON_IKE:
|
||||
source = uh->source;
|
||||
break;
|
||||
default:
|
||||
@ -1232,9 +1223,6 @@ static int esp6_init_state(struct xfrm_state *x, struct netlink_ext_ack *extack)
|
||||
case UDP_ENCAP_ESPINUDP:
|
||||
x->props.header_len += sizeof(struct udphdr);
|
||||
break;
|
||||
case UDP_ENCAP_ESPINUDP_NON_IKE:
|
||||
x->props.header_len += sizeof(struct udphdr) + 2 * sizeof(u32);
|
||||
break;
|
||||
#ifdef CONFIG_INET6_ESPINTCP
|
||||
case TCP_ENCAP_ESPINTCP:
|
||||
/* only the length field, TCP encap is done by
|
||||
|
||||
@ -109,19 +109,6 @@ static int __xfrm6_udp_encap_rcv(struct sock *sk, struct sk_buff *skb, bool pull
|
||||
/* Must be an IKE packet.. pass it through */
|
||||
return 1;
|
||||
break;
|
||||
case UDP_ENCAP_ESPINUDP_NON_IKE:
|
||||
/* Check if this is a keepalive packet. If so, eat it. */
|
||||
if (len == 1 && udpdata[0] == 0xff) {
|
||||
return -EINVAL;
|
||||
} else if (len > 2 * sizeof(u32) + sizeof(struct ip_esp_hdr) &&
|
||||
udpdata32[0] == 0 && udpdata32[1] == 0) {
|
||||
|
||||
/* ESP Packet with Non-IKE marker */
|
||||
len = sizeof(struct udphdr) + 2 * sizeof(u32);
|
||||
} else
|
||||
/* Must be an IKE packet.. pass it through */
|
||||
return 1;
|
||||
break;
|
||||
}
|
||||
|
||||
/* At this point we are sure that this is an ESPinUDP packet,
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user