iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
linux/net/ipv6
History
Ilan Tayari 8f92e03ecc esp4/6: Fix GSO path for non-GSO SW-crypto packets 
If esp*_offload module is loaded, outbound packets take the
GSO code path, being encapsulated at layer 3, but encrypted
in layer 2. validate_xmit_xfrm calls esp*_xmit for that.

esp*_xmit was wrongfully detecting these packets as going
through hardware crypto offload, while in fact they should
be encrypted in software, causing plaintext leakage to
the network, and also dropping at the receiver side.

Perform the encryption in esp*_xmit, if the SA doesn't have
a hardware offload_handle.

Also, align esp6 code to esp4 logic.

Fixes: fca11ebde3f0 ("esp4: Reorganize esp_output")
Fixes: 383d0350f2cc ("esp6: Reorganize esp_output")
Signed-off-by: Ilan Tayari <ilant@mellanox.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
2017-04-19 07:48:57 +02:00
..
ila
lwtunnel: remove device arg to lwtunnel_build_state
2017-01-30 15:14:22 -05:00
netfilter
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
2017-03-23 16:41:27 -07:00
addrconf_core.c
ipv6: change ipv6_stub_impl.ipv6_dst_lookup to take net argument
2015-07-31 15:21:30 -07:00
addrconf.c
net: ipv6: Add support for RTM_DELNETCONF
2017-03-28 22:32:42 -07:00
addrlabel.c
ipv6/addrlabel: fix ip6addrlbl_get()
2015-12-22 15:57:54 -05:00
af_inet6.c
ipv6: add support for NETDEV_RESEND_IGMP event
2017-03-28 22:02:21 -07:00
ah6.c
IPsec: do not ignore crypto err in ah6 input
2017-01-16 12:57:48 +01:00
anycast.c
ipv6: coding style: comparison for equality with NULL
2015-03-31 13:51:54 -04:00
calipso.c
calipso: fix resource leak on calipso_genopt failure
2016-08-13 14:56:17 -07:00
datagram.c
ipv6: Handle IPv4-mapped src to in6addr_any dst.
2017-02-14 12:13:51 -05:00
esp6_offload.c
esp4/6: Fix GSO path for non-GSO SW-crypto packets
2017-04-19 07:48:57 +02:00
esp6.c
esp: Use a synchronous crypto algorithm on offloading.
2017-04-14 10:07:19 +02:00
exthdrs_core.c
ipv6: constify the skb pointer of ipv6_find_tlv().
2016-06-27 15:06:15 -04:00
exthdrs_offload.c
ipv6: fix exthdrs offload registration in out_rt path
2015-09-02 15:31:00 -07:00
exthdrs.c
ipv6: sr: remove cleanup flag and fix HMAC computation
2017-02-03 11:05:23 -05:00
fib6_rules.c
net: flow: Add l3mdev flow update
2016-09-10 23:12:51 -07:00
fou6.c
fou: add Kconfig options for IPv6 support
2016-05-29 22:24:21 -07:00
icmp.c
net: for rate-limited ICMP replies save one atomic operation
2017-01-09 15:49:12 -05:00
inet6_connection_sock.c
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
2017-01-28 10:33:06 -05:00
inet6_hashtables.c
inet: collapse ipv4/v6 rcv_saddr_equal functions into one
2017-01-18 13:04:28 -05:00
ip6_checksum.c
ipv6: fix checksum annotation in udp6_csum_init
2016-06-14 15:26:42 -04:00
ip6_fib.c
ipv6: make ECMP route replacement less greedy
2017-03-13 12:16:17 -07:00
ip6_flowlabel.c
Replace <asm/uaccess.h> with <linux/uaccess.h> globally
2016-12-24 11:46:01 -08:00
ip6_gre.c
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
2017-02-07 16:29:30 -05:00
ip6_icmp.c
ipv6: icmp: add a force_saddr param to icmp6_send()
2016-06-18 22:11:38 -07:00
ip6_input.c
net: Add sysctl to toggle early demux for tcp and udp
2017-03-24 13:17:07 -07:00
ip6_offload.c
net/tunnel: set inner protocol in network gro hooks
2017-03-09 13:19:52 -08:00
ip6_offload.h
udp: Add GRO functions to UDP socket
2016-04-07 16:53:29 -04:00
ip6_output.c
ipv6: avoid write to a possibly cloned skb
2017-03-13 12:53:35 -07:00
ip6_tunnel.c
ipv6: pointer math error in ip6_tnl_parse_tlv_enc_lim()
2017-02-01 12:27:33 -05:00
ip6_udp_tunnel.c
ip6_udp_tunnel: remove unused IPCB related codes
2016-11-02 15:18:36 -04:00
ip6_vti.c
Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec
2017-03-07 15:00:37 -08:00
ip6mr.c
net: ipv6: Refactor inet6_netconf_notify_devconf to take event
2017-03-28 22:32:42 -07:00
ipcomp6.c
net: inet: Support UID-based routing in IP protocols.
2016-11-04 14:45:23 -04:00
ipv6_sockglue.c
net: Allow IP_MULTICAST_IF to set index to L3 slave
2016-12-30 15:24:47 -05:00
Kconfig
ipv6: sr: select DST_CACHE by default
2017-03-27 16:05:06 -07:00
Makefile
esp: Add a software GRO codepath
2017-02-15 11:04:11 +01:00
mcast_snoop.c
net: fix wrong skb_get() usage / crash in IGMP/MLD parsing code
2015-08-13 17:08:39 -07:00
mcast.c
ipv6: add support for NETDEV_RESEND_IGMP event
2017-03-28 22:02:21 -07:00
mip6.c
ktime: Get rid of ktime_equal()
2016-12-25 17:21:23 +01:00
ndisc.c
net: ipv6: Add sysctl for minimum prefix len acceptable in RIOs.
2017-03-22 14:20:54 -07:00
netfilter.c
net: inet: Support UID-based routing in IP protocols.
2016-11-04 14:45:23 -04:00
output_core.c
ipv6: Set skb->protocol properly for local output
2016-12-02 12:34:22 -05:00
ping.c
ipv6: remove unnecessary inet6_sk check
2016-12-29 12:05:49 -05:00
proc.c
proc: Reduce cache miss in snmp6_seq_show
2016-09-30 01:50:44 -04:00
protocol.c
net: Add sysctl to toggle early demux for tcp and udp
2017-03-24 13:17:07 -07:00
raw.c
net: use dst_confirm_neigh for UDP, RAW, ICMP, L2TP
2017-02-07 13:07:47 -05:00
reassembly.c
ipv6: on reassembly, record frag_max_size
2016-11-03 15:41:11 -04:00
route.c
net: ipv6: set route type for anycast routes
2017-03-16 20:40:14 -07:00
seg6_hmac.c
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
2017-02-07 16:29:30 -05:00
seg6_iptunnel.c
ipv6: sr: select DST_CACHE by default
2017-03-27 16:05:06 -07:00
seg6.c
ipv6: seg6_genl_set_tunsrc() must check kmemdup() return value
2017-01-20 11:07:48 -05:00
sit.c
sit: fix a double free on error path
2017-02-08 13:12:22 -05:00
syncookies.c
syncookies: use SipHash in place of SHA1
2017-01-09 13:58:57 -05:00
sysctl_net_ipv6.c
calipso: Add a label cache.
2016-06-27 15:06:17 -04:00
tcp_ipv6.c
tcp: Record Rx hash and NAPI ID in tcp_child_process
2017-03-24 20:49:30 -07:00
tcpv6_offload.c
tcp: cleanup static functions
2015-02-28 16:56:51 -05:00
tunnel6.c
ipv6: fix tunnel error handling
2015-11-03 10:52:13 -05:00
udp_impl.h
udplite: call proper backlog handlers
2016-11-24 15:32:14 -05:00
udp_offload.c
gso: Remove arbitrary checks for unsupported GSO
2016-05-20 18:03:15 -04:00
udp.c
net: Add sysctl to toggle early demux for tcp and udp
2017-03-24 13:17:07 -07:00
udplite.c
udplite: call proper backlog handlers
2016-11-24 15:32:14 -05:00
xfrm6_input.c
esp: Add a software GRO codepath
2017-02-15 11:04:11 +01:00
xfrm6_mode_beet.c
xfrm: simplify xfrm_address_t use
2015-03-31 13:58:35 -04:00
xfrm6_mode_ro.c
xfrm6_mode_transport.c
xfrm: Add encapsulation header offsets while SKB is not encrypted
2017-04-14 10:07:39 +02:00
xfrm6_mode_tunnel.c
xfrm: Add encapsulation header offsets while SKB is not encrypted
2017-04-14 10:07:39 +02:00
xfrm6_output.c
xfrm: Add an IPsec hardware offloading API
2017-04-14 10:06:10 +02:00
xfrm6_policy.c
xfrm: policy: make policy backend const
2017-02-09 10:22:19 +01:00
xfrm6_protocol.c
xfrm: input: constify xfrm_input_afinfo
2017-02-09 10:22:17 +01:00
xfrm6_state.c
xfrm6_tunnel.c
netns: make struct pernet_operations::id unsigned int
2016-11-18 10:59:15 -05:00