aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorHerbert Xu <herbert@gondor.apana.org.au>2008-02-13 01:50:35 -0500
committerDavid S. Miller <davem@davemloft.net>2008-02-13 01:50:35 -0500
commitb318e0e4ef4e85812c25afa19f75addccc834cd4 (patch)
tree95d51df1aa01978a99e763cd92fd6f7f4647bf20
parent45b503548210fe6f23e92b856421c2a3f05fd034 (diff)
[IPSEC]: Fix bogus usage of u64 on input sequence number
Al Viro spotted a bogus use of u64 on the input sequence number which is big-endian. This patch fixes it by giving the input sequence number its own member in the xfrm_skb_cb structure. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r--include/net/xfrm.h5
-rw-r--r--net/ipv4/ah4.c2
-rw-r--r--net/ipv4/esp4.c5
-rw-r--r--net/ipv6/ah6.c2
-rw-r--r--net/ipv6/esp6.c5
-rw-r--r--net/xfrm/xfrm_input.c4
-rw-r--r--net/xfrm/xfrm_output.c2
7 files changed, 15 insertions, 10 deletions
diff --git a/include/net/xfrm.h b/include/net/xfrm.h
index ac72116636ca..eea7785cc757 100644
--- a/include/net/xfrm.h
+++ b/include/net/xfrm.h
@@ -508,7 +508,10 @@ struct xfrm_skb_cb {
508 } header; 508 } header;
509 509
510 /* Sequence number for replay protection. */ 510 /* Sequence number for replay protection. */
511 u64 seq; 511 union {
512 u64 output;
513 __be32 input;
514 } seq;
512}; 515};
513 516
514#define XFRM_SKB_CB(__skb) ((struct xfrm_skb_cb *)&((__skb)->cb[0])) 517#define XFRM_SKB_CB(__skb) ((struct xfrm_skb_cb *)&((__skb)->cb[0]))
diff --git a/net/ipv4/ah4.c b/net/ipv4/ah4.c
index 9d4555ec0b59..8219b7e0968d 100644
--- a/net/ipv4/ah4.c
+++ b/net/ipv4/ah4.c
@@ -96,7 +96,7 @@ static int ah_output(struct xfrm_state *x, struct sk_buff *skb)
96 96
97 ah->reserved = 0; 97 ah->reserved = 0;
98 ah->spi = x->id.spi; 98 ah->spi = x->id.spi;
99 ah->seq_no = htonl(XFRM_SKB_CB(skb)->seq); 99 ah->seq_no = htonl(XFRM_SKB_CB(skb)->seq.output);
100 100
101 spin_lock_bh(&x->lock); 101 spin_lock_bh(&x->lock);
102 err = ah_mac_digest(ahp, skb, ah->auth_data); 102 err = ah_mac_digest(ahp, skb, ah->auth_data);
diff --git a/net/ipv4/esp4.c b/net/ipv4/esp4.c
index 258d17631b4b..091e6709f831 100644
--- a/net/ipv4/esp4.c
+++ b/net/ipv4/esp4.c
@@ -199,7 +199,7 @@ static int esp_output(struct xfrm_state *x, struct sk_buff *skb)
199 } 199 }
200 200
201 esph->spi = x->id.spi; 201 esph->spi = x->id.spi;
202 esph->seq_no = htonl(XFRM_SKB_CB(skb)->seq); 202 esph->seq_no = htonl(XFRM_SKB_CB(skb)->seq.output);
203 203
204 sg_init_table(sg, nfrags); 204 sg_init_table(sg, nfrags);
205 skb_to_sgvec(skb, sg, 205 skb_to_sgvec(skb, sg,
@@ -210,7 +210,8 @@ static int esp_output(struct xfrm_state *x, struct sk_buff *skb)
210 aead_givcrypt_set_callback(req, 0, esp_output_done, skb); 210 aead_givcrypt_set_callback(req, 0, esp_output_done, skb);
211 aead_givcrypt_set_crypt(req, sg, sg, clen, iv); 211 aead_givcrypt_set_crypt(req, sg, sg, clen, iv);
212 aead_givcrypt_set_assoc(req, asg, sizeof(*esph)); 212 aead_givcrypt_set_assoc(req, asg, sizeof(*esph));
213 aead_givcrypt_set_giv(req, esph->enc_data, XFRM_SKB_CB(skb)->seq); 213 aead_givcrypt_set_giv(req, esph->enc_data,
214 XFRM_SKB_CB(skb)->seq.output);
214 215
215 ESP_SKB_CB(skb)->tmp = tmp; 216 ESP_SKB_CB(skb)->tmp = tmp;
216 err = crypto_aead_givencrypt(req); 217 err = crypto_aead_givencrypt(req);
diff --git a/net/ipv6/ah6.c b/net/ipv6/ah6.c
index 379c8e04c36c..2ff0c8233e47 100644
--- a/net/ipv6/ah6.c
+++ b/net/ipv6/ah6.c
@@ -283,7 +283,7 @@ static int ah6_output(struct xfrm_state *x, struct sk_buff *skb)
283 283
284 ah->reserved = 0; 284 ah->reserved = 0;
285 ah->spi = x->id.spi; 285 ah->spi = x->id.spi;
286 ah->seq_no = htonl(XFRM_SKB_CB(skb)->seq); 286 ah->seq_no = htonl(XFRM_SKB_CB(skb)->seq.output);
287 287
288 spin_lock_bh(&x->lock); 288 spin_lock_bh(&x->lock);
289 err = ah_mac_digest(ahp, skb, ah->auth_data); 289 err = ah_mac_digest(ahp, skb, ah->auth_data);
diff --git a/net/ipv6/esp6.c b/net/ipv6/esp6.c
index 8e0f1428c716..0ec1402320ea 100644
--- a/net/ipv6/esp6.c
+++ b/net/ipv6/esp6.c
@@ -188,7 +188,7 @@ static int esp6_output(struct xfrm_state *x, struct sk_buff *skb)
188 *skb_mac_header(skb) = IPPROTO_ESP; 188 *skb_mac_header(skb) = IPPROTO_ESP;
189 189
190 esph->spi = x->id.spi; 190 esph->spi = x->id.spi;
191 esph->seq_no = htonl(XFRM_SKB_CB(skb)->seq); 191 esph->seq_no = htonl(XFRM_SKB_CB(skb)->seq.output);
192 192
193 sg_init_table(sg, nfrags); 193 sg_init_table(sg, nfrags);
194 skb_to_sgvec(skb, sg, 194 skb_to_sgvec(skb, sg,
@@ -199,7 +199,8 @@ static int esp6_output(struct xfrm_state *x, struct sk_buff *skb)
199 aead_givcrypt_set_callback(req, 0, esp_output_done, skb); 199 aead_givcrypt_set_callback(req, 0, esp_output_done, skb);
200 aead_givcrypt_set_crypt(req, sg, sg, clen, iv); 200 aead_givcrypt_set_crypt(req, sg, sg, clen, iv);
201 aead_givcrypt_set_assoc(req, asg, sizeof(*esph)); 201 aead_givcrypt_set_assoc(req, asg, sizeof(*esph));
202 aead_givcrypt_set_giv(req, esph->enc_data, XFRM_SKB_CB(skb)->seq); 202 aead_givcrypt_set_giv(req, esph->enc_data,
203 XFRM_SKB_CB(skb)->seq.output);
203 204
204 ESP_SKB_CB(skb)->tmp = tmp; 205 ESP_SKB_CB(skb)->tmp = tmp;
205 err = crypto_aead_givencrypt(req); 206 err = crypto_aead_givencrypt(req);
diff --git a/net/xfrm/xfrm_input.c b/net/xfrm/xfrm_input.c
index 4d6ebc633a94..62188c6a06dd 100644
--- a/net/xfrm/xfrm_input.c
+++ b/net/xfrm/xfrm_input.c
@@ -109,7 +109,7 @@ int xfrm_input(struct sk_buff *skb, int nexthdr, __be32 spi, int encap_type)
109 if (encap_type < 0) { 109 if (encap_type < 0) {
110 async = 1; 110 async = 1;
111 x = xfrm_input_state(skb); 111 x = xfrm_input_state(skb);
112 seq = XFRM_SKB_CB(skb)->seq; 112 seq = XFRM_SKB_CB(skb)->seq.input;
113 goto resume; 113 goto resume;
114 } 114 }
115 115
@@ -175,7 +175,7 @@ int xfrm_input(struct sk_buff *skb, int nexthdr, __be32 spi, int encap_type)
175 175
176 spin_unlock(&x->lock); 176 spin_unlock(&x->lock);
177 177
178 XFRM_SKB_CB(skb)->seq = seq; 178 XFRM_SKB_CB(skb)->seq.input = seq;
179 179
180 nexthdr = x->type->input(x, skb); 180 nexthdr = x->type->input(x, skb);
181 181
diff --git a/net/xfrm/xfrm_output.c b/net/xfrm/xfrm_output.c
index fc690368325f..569d377932c4 100644
--- a/net/xfrm/xfrm_output.c
+++ b/net/xfrm/xfrm_output.c
@@ -62,7 +62,7 @@ static int xfrm_output_one(struct sk_buff *skb, int err)
62 } 62 }
63 63
64 if (x->type->flags & XFRM_TYPE_REPLAY_PROT) { 64 if (x->type->flags & XFRM_TYPE_REPLAY_PROT) {
65 XFRM_SKB_CB(skb)->seq = ++x->replay.oseq; 65 XFRM_SKB_CB(skb)->seq.output = ++x->replay.oseq;
66 if (unlikely(x->replay.oseq == 0)) { 66 if (unlikely(x->replay.oseq == 0)) {
67 XFRM_INC_STATS(LINUX_MIB_XFRMOUTSTATESEQERROR); 67 XFRM_INC_STATS(LINUX_MIB_XFRMOUTSTATESEQERROR);
68 x->replay.oseq--; 68 x->replay.oseq--;