Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec

Steffen Klassert says: ==================== 1) Initialize the satype field in key_notify_policy_flush(), this was left uninitialized. From Nicolas Dichtel. 2) The sequence number difference for replay notifications was misscalculated on ESN sequence number wrap. We need a separate replay notify function for esn. 3) Fix an off by one in the esn replay notify function. From Mathias Krause. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
author: David S. Miller <davem@davemloft.net> 2013-03-27 14:07:04 -0400
committer: David S. Miller <davem@davemloft.net> 2013-03-27 14:07:04 -0400
commit: 0fb031f036385af1e1de87ac3e98a2afba2139ae (patch)
tree: 78a2afe0afa772fc1847e1ad486ef950ab8cfa73
parent: 24f11a5cf538a8fcc10d61f457e9a2094fb965b4 (diff)
parent: 799ef90c55e692e096d8bd9e5871b95264b1e9ba (diff)
2 files changed, 66 insertions, 1 deletions
diff --git a/net/key/af_key.c b/net/key/af_key.c
index 8555f331ea60..5b1e5af25713 100644
--- a/net/key/af_key.c
+++ b/net/key/af_key.c
@@ -2693,6 +2693,7 @@ static int key_notify_policy_flush(const struct km_event *c)
        hdr->sadb_msg_pid = c->portid;
        hdr->sadb_msg_version = PF_KEY_V2;
        hdr->sadb_msg_errno = (uint8_t) 0;
+        hdr->sadb_msg_satype = SADB_SATYPE_UNSPEC;
        hdr->sadb_msg_len = (sizeof(struct sadb_msg) / sizeof(uint64_t));
        pfkey_broadcast(skb_out, GFP_ATOMIC, BROADCAST_ALL, NULL, c->net);
        return 0;
diff --git a/net/xfrm/xfrm_replay.c b/net/xfrm/xfrm_replay.c
index 35754cc8a9e5..8dafe6d3c6e4 100644
--- a/net/xfrm/xfrm_replay.c
+++ b/net/xfrm/xfrm_replay.c
@@ -334,6 +334,70 @@ static void xfrm_replay_notify_bmp(struct xfrm_state *x, int event)
                x->xflags &= ~XFRM_TIME_DEFER;
 }
+static void xfrm_replay_notify_esn(struct xfrm_state *x, int event)
+{
+        u32 seq_diff, oseq_diff;
+        struct km_event c;
+        struct xfrm_replay_state_esn *replay_esn = x->replay_esn;
+        struct xfrm_replay_state_esn *preplay_esn = x->preplay_esn;
+        /* we send notify messages in case
+         *  1. we updated on of the sequence numbers, and the seqno difference
+         *     is at least x->replay_maxdiff, in this case we also update the
+         *     timeout of our timer function
+         *  2. if x->replay_maxage has elapsed since last update,
+         *     and there were changes
+         *
+         *  The state structure must be locked!
+         */
+        switch (event) {
+        case XFRM_REPLAY_UPDATE:
+                if (!x->replay_maxdiff)
+                        break;
+                if (replay_esn->seq_hi == preplay_esn->seq_hi)
+                        seq_diff = replay_esn->seq - preplay_esn->seq;
+                else
+                        seq_diff = ~preplay_esn->seq + replay_esn->seq + 1;
+                if (replay_esn->oseq_hi == preplay_esn->oseq_hi)
+                        oseq_diff = replay_esn->oseq - preplay_esn->oseq;
+                else
+                        oseq_diff = ~preplay_esn->oseq + replay_esn->oseq + 1;
+                if (seq_diff < x->replay_maxdiff &&
+                    oseq_diff < x->replay_maxdiff) {
+                        if (x->xflags & XFRM_TIME_DEFER)
+                                event = XFRM_REPLAY_TIMEOUT;
+                        else
+                                return;
+                }
+                break;
+        case XFRM_REPLAY_TIMEOUT:
+                if (memcmp(x->replay_esn, x->preplay_esn,
+                           xfrm_replay_state_esn_len(replay_esn)) == 0) {
+                        x->xflags |= XFRM_TIME_DEFER;
+                        return;
+                }
+                break;
+        }
+        memcpy(x->preplay_esn, x->replay_esn,
+               xfrm_replay_state_esn_len(replay_esn));
+        c.event = XFRM_MSG_NEWAE;
+        c.data.aevent = event;
+        km_state_notify(x, &c);
+        if (x->replay_maxage &&
+            !mod_timer(&x->rtimer, jiffies + x->replay_maxage))
+                x->xflags &= ~XFRM_TIME_DEFER;
+}
 static int xfrm_replay_overflow_esn(struct xfrm_state *x, struct sk_buff *skb)
 {
        int err = 0;
@@ -510,7 +574,7 @@ static struct xfrm_replay xfrm_replay_esn = {
        .advance        = xfrm_replay_advance_esn,
        .check          = xfrm_replay_check_esn,
        .recheck        = xfrm_replay_recheck_esn,
-        .notify         = xfrm_replay_notify_bmp,
+        .notify         = xfrm_replay_notify_esn,
        .overflow       = xfrm_replay_overflow_esn,
 };
author	David S. Miller <davem@davemloft.net>	2013-03-27 14:07:04 -0400
committer	David S. Miller <davem@davemloft.net>	2013-03-27 14:07:04 -0400
commit	0fb031f036385af1e1de87ac3e98a2afba2139ae (patch)
tree	78a2afe0afa772fc1847e1ad486ef950ab8cfa73
parent	24f11a5cf538a8fcc10d61f457e9a2094fb965b4 (diff)
parent	799ef90c55e692e096d8bd9e5871b95264b1e9ba (diff)

diff --git a/net/key/af_key.c b/net/key/af_key.c index 8555f331ea60..5b1e5af25713 100644 --- a/net/key/af_key.c +++ b/net/key/af_key.c
@@ -2693,6 +2693,7 @@ static int key_notify_policy_flush(const struct km_event *c)
2693	hdr->sadb_msg_pid = c->portid;	2693	hdr->sadb_msg_pid = c->portid;
2694	hdr->sadb_msg_version = PF_KEY_V2;	2694	hdr->sadb_msg_version = PF_KEY_V2;
2695	hdr->sadb_msg_errno = (uint8_t) 0;	2695	hdr->sadb_msg_errno = (uint8_t) 0;
		2696	hdr->sadb_msg_satype = SADB_SATYPE_UNSPEC;
2696	hdr->sadb_msg_len = (sizeof(struct sadb_msg) / sizeof(uint64_t));	2697	hdr->sadb_msg_len = (sizeof(struct sadb_msg) / sizeof(uint64_t));
2697	pfkey_broadcast(skb_out, GFP_ATOMIC, BROADCAST_ALL, NULL, c->net);	2698	pfkey_broadcast(skb_out, GFP_ATOMIC, BROADCAST_ALL, NULL, c->net);
2698	return 0;	2699	return 0;


diff --git a/net/xfrm/xfrm_replay.c b/net/xfrm/xfrm_replay.c index 35754cc8a9e5..8dafe6d3c6e4 100644 --- a/net/xfrm/xfrm_replay.c +++ b/net/xfrm/xfrm_replay.c
@@ -334,6 +334,70 @@ static void xfrm_replay_notify_bmp(struct xfrm_state *x, int event)
334	x->xflags &= ~XFRM_TIME_DEFER;	334	x->xflags &= ~XFRM_TIME_DEFER;
335	}	335	}
336		336
		337	static void xfrm_replay_notify_esn(struct xfrm_state *x, int event)
		338	{
		339	u32 seq_diff, oseq_diff;
		340	struct km_event c;
		341	struct xfrm_replay_state_esn *replay_esn = x->replay_esn;
		342	struct xfrm_replay_state_esn *preplay_esn = x->preplay_esn;
		343
		344	/* we send notify messages in case
		345	* 1. we updated on of the sequence numbers, and the seqno difference
		346	* is at least x->replay_maxdiff, in this case we also update the
		347	* timeout of our timer function
		348	* 2. if x->replay_maxage has elapsed since last update,
		349	* and there were changes
		350	*
		351	* The state structure must be locked!
		352	*/
		353
		354	switch (event) {
		355	case XFRM_REPLAY_UPDATE:
		356	if (!x->replay_maxdiff)
		357	break;
		358
		359	if (replay_esn->seq_hi == preplay_esn->seq_hi)
		360	seq_diff = replay_esn->seq - preplay_esn->seq;
		361	else
		362	seq_diff = ~preplay_esn->seq + replay_esn->seq + 1;
		363
		364	if (replay_esn->oseq_hi == preplay_esn->oseq_hi)
		365	oseq_diff = replay_esn->oseq - preplay_esn->oseq;
		366	else
		367	oseq_diff = ~preplay_esn->oseq + replay_esn->oseq + 1;
		368
		369	if (seq_diff < x->replay_maxdiff &&
		370	oseq_diff < x->replay_maxdiff) {
		371
		372	if (x->xflags & XFRM_TIME_DEFER)
		373	event = XFRM_REPLAY_TIMEOUT;
		374	else
		375	return;
		376	}
		377
		378	break;
		379
		380	case XFRM_REPLAY_TIMEOUT:
		381	if (memcmp(x->replay_esn, x->preplay_esn,
		382	xfrm_replay_state_esn_len(replay_esn)) == 0) {
		383	x->xflags \|= XFRM_TIME_DEFER;
		384	return;
		385	}
		386
		387	break;
		388	}
		389
		390	memcpy(x->preplay_esn, x->replay_esn,
		391	xfrm_replay_state_esn_len(replay_esn));
		392	c.event = XFRM_MSG_NEWAE;
		393	c.data.aevent = event;
		394	km_state_notify(x, &c);
		395
		396	if (x->replay_maxage &&
		397	!mod_timer(&x->rtimer, jiffies + x->replay_maxage))
		398	x->xflags &= ~XFRM_TIME_DEFER;
		399	}
		400
337	static int xfrm_replay_overflow_esn(struct xfrm_state x, struct sk_buff skb)	401	static int xfrm_replay_overflow_esn(struct xfrm_state x, struct sk_buff skb)
338	{	402	{
339	int err = 0;	403	int err = 0;
@@ -510,7 +574,7 @@ static struct xfrm_replay xfrm_replay_esn = {
510	.advance = xfrm_replay_advance_esn,	574	.advance = xfrm_replay_advance_esn,
511	.check = xfrm_replay_check_esn,	575	.check = xfrm_replay_check_esn,
512	.recheck = xfrm_replay_recheck_esn,	576	.recheck = xfrm_replay_recheck_esn,
513	.notify = xfrm_replay_notify_bmp,	577	.notify = xfrm_replay_notify_esn,
514	.overflow = xfrm_replay_overflow_esn,	578	.overflow = xfrm_replay_overflow_esn,
515	};	579	};
516		580