alistair23-linux/net/xfrm
Xin Long 0307da6866 xfrm: policy: match with both mark and mask on user interfaces
[ Upstream commit 4f47e8ab6a ]

In commit ed17b8d377 ("xfrm: fix a warning in xfrm_policy_insert_list"),
it would take 'priority' to make a policy unique, and allow duplicated
policies with different 'priority' to be added, which is not expected
by userland, as Tobias reported in strongswan.

To fix this duplicated policies issue, and also fix the issue in
commit ed17b8d377 ("xfrm: fix a warning in xfrm_policy_insert_list"),
when doing add/del/get/update on user interfaces, this patch is to change
to look up a policy with both mark and mask by doing:

  mark.v == pol->mark.v && mark.m == pol->mark.m

and leave the check:

  (mark & pol->mark.m) == pol->mark.v

for tx/rx path only.

As the userland expects an exact mark and mask match to manage policies.

v1->v2:
  - make xfrm_policy_mark_match inline and fix the changelog as
    Tobias suggested.

Fixes: 295fae5688 ("xfrm: Allow user space manipulation of SPD mark")
Fixes: ed17b8d377 ("xfrm: fix a warning in xfrm_policy_insert_list")
Reported-by: Tobias Brunner <tobias@strongswan.org>
Tested-by: Tobias Brunner <tobias@strongswan.org>
Signed-off-by: Xin Long <lucien.xin@gmail.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2020-08-05 09:59:44 +02:00
Kconfig Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec 2019-07-05 14:58:22 -07:00
Makefile
xfrm_algo.c
xfrm_device.c xfrm: Fix double ESP trailer insertion in IPsec crypto offload. 2020-06-30 15:36:53 -04:00
xfrm_hash.c
xfrm_hash.h
xfrm_inout.h
xfrm_input.c xfrm: allow to accept packets with ipv6 NEXTHDR_HOP in xfrm_input 2020-06-03 08:21:31 +02:00
xfrm_interface.c xfrm interface: fix oops when deleting a x-netns interface 2020-06-03 08:21:32 +02:00
xfrm_ipcomp.c net: Use skb_frag_off accessors 2019-07-30 14:21:32 -07:00
xfrm_output.c xfrm: fix a NULL-ptr deref in xfrm_local_error 2020-06-03 08:21:33 +02:00
xfrm_policy.c xfrm: policy: match with both mark and mask on user interfaces 2020-08-05 09:59:44 +02:00
xfrm_proc.c
xfrm_replay.c
xfrm_state.c xfrm: Fix memleak on xfrm state destroy 2019-11-07 10:38:07 +01:00
xfrm_sysctl.c
xfrm_user.c xfrm: policy: match with both mark and mask on user interfaces 2020-08-05 09:59:44 +02:00