android/android_kernel_samsung_sm8650
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
e1d637a361
android_kernel_samsung_sm8650/net/xfrm
History
Benedict Wong 952048f512 FROMGIT: xfrm: Check if_id in inbound policy/secpath match 
This change ensures that if configured in the policy, the if_id set in
the policy and secpath states match during the inbound policy check.
Without this, there is potential for ambiguity where entries in the
secpath differing by only the if_id could be mismatched.

Notably, this is checked in the outbound direction when resolving
templates to SAs, but not on the inbound path when matching SAs and
policies.

Test: Tested against Android kernel unit tests & CTS
Signed-off-by: Benedict Wong <benedictwong@google.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>

Bug: 279217934
(cherry picked from commit 8680407b6f8f5fba59e8f1d63c869abc280f04df
 https://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec.git master)
Change-Id: Ibb97561eaf1a99b7ad239d4d4860bfe5b0ac20ea
Signed-off-by: Carlos Llamas <cmllamas@google.com>
2023-05-12 16:23:38 +00:00
..
espintcp.c use less confusing names for iov_iter direction initializers 2023-02-09 11:28:04 +01:00
Kconfig xfrm/compat: Add 32=>64-bit messages translator 2020-09-24 08:53:03 +02:00
Makefile xfrm: Provide API to register translator module 2020-09-24 08:53:03 +02:00
xfrm_algo.c ANDROID: introduce CONFIG_GKI_NET_XFRM_HACKS 2022-10-11 19:37:27 +00:00
xfrm_compat.c xfrm/compat: prevent potential spectre v1 gadget in xfrm_xlate32_attr() 2023-02-14 19:11:42 +01:00
xfrm_device.c xfrm: replay: Fix ESN wrap around for GSO 2022-10-19 09:00:53 +02:00
xfrm_hash.c mm: remove include/linux/bootmem.h 2018-10-31 08:54:16 -07:00
xfrm_hash.h xfrm: add state hashtable keyed by seq 2021-05-14 13:52:01 +02:00
xfrm_inout.h xfrm: move xfrm4_extract_header to common helper 2020-05-06 09:40:08 +02:00
xfrm_input.c FROMLIST: xfrm: Skip checking of already-verified secpath entries 2023-04-14 12:37:23 +00:00
xfrm_interface.c Revert "Fix XFRM-I support for nested ESP tunnels" 2023-04-14 12:37:23 +00:00
xfrm_ipcomp.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2022-10-03 17:44:18 -07:00
xfrm_output.c ANDROID: revert core of "xfrm: Use actual socket sk instead of skb socket for xfrm_output_resume" 2023-03-02 19:03:37 +00:00
xfrm_policy.c FROMGIT: xfrm: Check if_id in inbound policy/secpath match 2023-05-12 16:23:38 +00:00
xfrm_proc.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
xfrm_replay.c xfrm: replay: Fix ESN wrap around for GSO 2022-10-19 09:00:53 +02:00
xfrm_state.c Merge 6.1.21 into android14-6.1 2023-03-24 08:47:17 +00:00
xfrm_sysctl.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
xfrm_user.c This is the 6.1.23 stable release 2023-04-06 14:14:07 +00:00