system/linux
system/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux synced 2024-09-06 18:01:05 +00:00
Code Issues Packages Projects Releases Wiki Activity
linux/net/xfrm
History
Benedict Wong 8680407b6f xfrm: Check if_id in inbound policy/secpath match 
This change ensures that if configured in the policy, the if_id set in
the policy and secpath states match during the inbound policy check.
Without this, there is potential for ambiguity where entries in the
secpath differing by only the if_id could be mismatched.

Notably, this is checked in the outbound direction when resolving
templates to SAs, but not on the inbound path when matching SAs and
policies.

Test: Tested against Android kernel unit tests & CTS
Signed-off-by: Benedict Wong <benedictwong@google.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
2023-05-10 07:56:05 +02:00
..
espintcp.c net/sock: Introduce trace_sk_data_ready() 2023-01-23 11:26:50 +00:00
Kconfig xfrm/compat: Add 32=>64-bit messages translator 2020-09-24 08:53:03 +02:00
Makefile xfrm: interface: Add unstable helpers for setting/getting XFRM metadata from TC-BPF 2022-12-05 21:58:27 -08:00
xfrm_algo.c xfrm: Add support for SM4 symmetric cipher algorithm 2021-12-23 09:32:51 +01:00
xfrm_compat.c xfrm/compat: prevent potential spectre v1 gadget in xfrm_xlate32_attr() 2023-01-23 07:44:09 +01:00
xfrm_device.c xfrm: Fix leak of dev tracker 2023-04-21 08:54:04 +02:00
xfrm_hash.c mm: remove include/linux/bootmem.h 2018-10-31 08:54:16 -07:00
xfrm_hash.h xfrm: add state hashtable keyed by seq 2021-05-14 13:52:01 +02:00
xfrm_inout.h xfrm: move xfrm4_extract_header to common helper 2020-05-06 09:40:08 +02:00
xfrm_input.c xfrm: fix bug with DSCP copy to v6 from v4 tunnel 2023-01-30 11:31:58 +01:00
xfrm_interface_bpf.c bpf: Add __bpf_kfunc tag to all kfuncs 2023-02-02 00:25:14 +01:00
xfrm_interface_core.c Revert "Fix XFRM-I support for nested ESP tunnels" 2023-04-25 09:50:34 +02:00
xfrm_ipcomp.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2022-10-03 17:44:18 -07:00
xfrm_output.c xfrm: add TX datapath support for IPsec packet offload mode 2022-12-05 10:34:49 +01:00
xfrm_policy.c xfrm: Check if_id in inbound policy/secpath match 2023-05-10 07:56:05 +02:00
xfrm_proc.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
xfrm_replay.c xfrm: replay: Fix ESN wrap around for GSO 2022-10-19 09:00:53 +02:00
xfrm_state.c ipsec-2023-03-15 2023-03-16 17:23:48 -07:00
xfrm_sysctl.c
xfrm_user.c xfrm: Reject optional tunnel/BEET mode templates in outbound policies 2023-05-10 07:04:50 +02:00