* pull request (net): ipsec 2016-12-01
@ 2016-12-01 11:44 Steffen Klassert
2016-12-01 11:44 ` [PATCH 1/3] xfrm_user: fix return value from xfrm_user_rcv_msg Steffen Klassert
` (3 more replies)
0 siblings, 4 replies; 5+ messages in thread
From: Steffen Klassert @ 2016-12-01 11:44 UTC (permalink / raw)
To: David Miller; +Cc: Herbert Xu, Steffen Klassert, netdev
1) Change the error value when someone tries to run 32bit
userspace on a 64bit host from -ENOTSUPP to the userspace
exported -EOPNOTSUPP. Fix from Yi Zhao.
2) On inbound, ESN sequence numbers are already in network
byte order. So don't try to convert it again, this fixes
integrity verification for ESN. Fixes from Tobias Brunner.
Please pull or let me know if there are problems.
Thanks!
The following changes since commit f2ebf2a6ca94e78be179e8c99d34c87efc5e8bfb:
Merge branch 'fixed-phy-phydev-leaks' (2016-11-29 23:17:04 -0500)
are available in the git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec.git master
for you to fetch changes up to a55e23864d381c5a4ef110df94b00b2fe121a70d:
esp6: Fix integrity verification when ESN are used (2016-11-30 11:10:16 +0100)
----------------------------------------------------------------
Tobias Brunner (2):
esp4: Fix integrity verification when ESN are used
esp6: Fix integrity verification when ESN are used
Yi Zhao (1):
xfrm_user: fix return value from xfrm_user_rcv_msg
net/ipv4/esp4.c | 2 +-
net/ipv6/esp6.c | 2 +-
net/xfrm/xfrm_user.c | 2 +-
3 files changed, 3 insertions(+), 3 deletions(-)
^ permalink raw reply [flat|nested] 5+ messages in thread
* [PATCH 1/3] xfrm_user: fix return value from xfrm_user_rcv_msg
2016-12-01 11:44 pull request (net): ipsec 2016-12-01 Steffen Klassert
@ 2016-12-01 11:44 ` Steffen Klassert
2016-12-01 11:44 ` [PATCH 2/3] esp4: Fix integrity verification when ESN are used Steffen Klassert
` (2 subsequent siblings)
3 siblings, 0 replies; 5+ messages in thread
From: Steffen Klassert @ 2016-12-01 11:44 UTC (permalink / raw)
To: David Miller; +Cc: Herbert Xu, Steffen Klassert, netdev
From: Yi Zhao <yi.zhao@windriver.com>
It doesn't support to run 32bit 'ip' to set xfrm objdect on 64bit host.
But the return value is unknown for user program:
ip xfrm policy list
RTNETLINK answers: Unknown error 524
Replace ENOTSUPP with EOPNOTSUPP:
ip xfrm policy list
RTNETLINK answers: Operation not supported
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
---
net/xfrm/xfrm_user.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
index 0889209..671a1d0 100644
--- a/net/xfrm/xfrm_user.c
+++ b/net/xfrm/xfrm_user.c
@@ -2450,7 +2450,7 @@ static int xfrm_user_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
#ifdef CONFIG_COMPAT
if (in_compat_syscall())
- return -ENOTSUPP;
+ return -EOPNOTSUPP;
#endif
type = nlh->nlmsg_type;
--
1.9.1
^ permalink raw reply related [flat|nested] 5+ messages in thread
* [PATCH 2/3] esp4: Fix integrity verification when ESN are used
2016-12-01 11:44 pull request (net): ipsec 2016-12-01 Steffen Klassert
2016-12-01 11:44 ` [PATCH 1/3] xfrm_user: fix return value from xfrm_user_rcv_msg Steffen Klassert
@ 2016-12-01 11:44 ` Steffen Klassert
2016-12-01 11:44 ` [PATCH 3/3] esp6: " Steffen Klassert
2016-12-01 16:36 ` pull request (net): ipsec 2016-12-01 David Miller
3 siblings, 0 replies; 5+ messages in thread
From: Steffen Klassert @ 2016-12-01 11:44 UTC (permalink / raw)
To: David Miller; +Cc: Herbert Xu, Steffen Klassert, netdev
From: Tobias Brunner <tobias@strongswan.org>
When handling inbound packets, the two halves of the sequence number
stored on the skb are already in network order.
Fixes: 7021b2e1cddd ("esp4: Switch to new AEAD interface")
Signed-off-by: Tobias Brunner <tobias@strongswan.org>
Acked-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
---
net/ipv4/esp4.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/ipv4/esp4.c b/net/ipv4/esp4.c
index d95631d..20fb25e 100644
--- a/net/ipv4/esp4.c
+++ b/net/ipv4/esp4.c
@@ -476,7 +476,7 @@ static int esp_input(struct xfrm_state *x, struct sk_buff *skb)
esph = (void *)skb_push(skb, 4);
*seqhi = esph->spi;
esph->spi = esph->seq_no;
- esph->seq_no = htonl(XFRM_SKB_CB(skb)->seq.input.hi);
+ esph->seq_no = XFRM_SKB_CB(skb)->seq.input.hi;
aead_request_set_callback(req, 0, esp_input_done_esn, skb);
}
--
1.9.1
^ permalink raw reply related [flat|nested] 5+ messages in thread
* [PATCH 3/3] esp6: Fix integrity verification when ESN are used
2016-12-01 11:44 pull request (net): ipsec 2016-12-01 Steffen Klassert
2016-12-01 11:44 ` [PATCH 1/3] xfrm_user: fix return value from xfrm_user_rcv_msg Steffen Klassert
2016-12-01 11:44 ` [PATCH 2/3] esp4: Fix integrity verification when ESN are used Steffen Klassert
@ 2016-12-01 11:44 ` Steffen Klassert
2016-12-01 16:36 ` pull request (net): ipsec 2016-12-01 David Miller
3 siblings, 0 replies; 5+ messages in thread
From: Steffen Klassert @ 2016-12-01 11:44 UTC (permalink / raw)
To: David Miller; +Cc: Herbert Xu, Steffen Klassert, netdev
From: Tobias Brunner <tobias@strongswan.org>
When handling inbound packets, the two halves of the sequence number
stored on the skb are already in network order.
Fixes: 000ae7b2690e ("esp6: Switch to new AEAD interface")
Signed-off-by: Tobias Brunner <tobias@strongswan.org>
Acked-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
---
net/ipv6/esp6.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/ipv6/esp6.c b/net/ipv6/esp6.c
index 060a60b..111ba55 100644
--- a/net/ipv6/esp6.c
+++ b/net/ipv6/esp6.c
@@ -418,7 +418,7 @@ static int esp6_input(struct xfrm_state *x, struct sk_buff *skb)
esph = (void *)skb_push(skb, 4);
*seqhi = esph->spi;
esph->spi = esph->seq_no;
- esph->seq_no = htonl(XFRM_SKB_CB(skb)->seq.input.hi);
+ esph->seq_no = XFRM_SKB_CB(skb)->seq.input.hi;
aead_request_set_callback(req, 0, esp_input_done_esn, skb);
}
--
1.9.1
^ permalink raw reply related [flat|nested] 5+ messages in thread
* Re: pull request (net): ipsec 2016-12-01
2016-12-01 11:44 pull request (net): ipsec 2016-12-01 Steffen Klassert
` (2 preceding siblings ...)
2016-12-01 11:44 ` [PATCH 3/3] esp6: " Steffen Klassert
@ 2016-12-01 16:36 ` David Miller
3 siblings, 0 replies; 5+ messages in thread
From: David Miller @ 2016-12-01 16:36 UTC (permalink / raw)
To: steffen.klassert; +Cc: herbert, netdev
From: Steffen Klassert <steffen.klassert@secunet.com>
Date: Thu, 1 Dec 2016 12:44:49 +0100
> 1) Change the error value when someone tries to run 32bit
> userspace on a 64bit host from -ENOTSUPP to the userspace
> exported -EOPNOTSUPP. Fix from Yi Zhao.
>
> 2) On inbound, ESN sequence numbers are already in network
> byte order. So don't try to convert it again, this fixes
> integrity verification for ESN. Fixes from Tobias Brunner.
>
> Please pull or let me know if there are problems.
Pulled, thanks Steffen.
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2016-12-01 16:36 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2016-12-01 11:44 pull request (net): ipsec 2016-12-01 Steffen Klassert
2016-12-01 11:44 ` [PATCH 1/3] xfrm_user: fix return value from xfrm_user_rcv_msg Steffen Klassert
2016-12-01 11:44 ` [PATCH 2/3] esp4: Fix integrity verification when ESN are used Steffen Klassert
2016-12-01 11:44 ` [PATCH 3/3] esp6: " Steffen Klassert
2016-12-01 16:36 ` pull request (net): ipsec 2016-12-01 David Miller
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).