Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit b318e0e4 authored Feb 12, 2008 by Herbert Xu Committed by David S. Miller Feb 12, 2008

[IPSEC]: Fix bogus usage of u64 on input sequence number



Al Viro spotted a bogus use of u64 on the input sequence number which
is big-endian.  This patch fixes it by giving the input sequence number
its own member in the xfrm_skb_cb structure.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>

parent 45b50354

include/net/xfrm.h

+4 −1

Original line number	Original line	Diff line number	Diff line
	@@ -508,7 +508,10 @@ struct xfrm_skb_cb {
	} header;		} header;

	/* Sequence number for replay protection. */		/* Sequence number for replay protection. */
	u64 seq;		union {
			u64 output;
			__be32 input;
			} seq;
	};		};

	#define XFRM_SKB_CB(__skb) ((struct xfrm_skb_cb *)&((__skb)->cb[0]))		#define XFRM_SKB_CB(__skb) ((struct xfrm_skb_cb *)&((__skb)->cb[0]))

net/ipv4/ah4.c

+1 −1

Original line number	Original line	Diff line number	Diff line
	@@ -96,7 +96,7 @@ static int ah_output(struct xfrm_state x, struct sk_buff skb)

	ah->reserved = 0;		ah->reserved = 0;
	ah->spi = x->id.spi;		ah->spi = x->id.spi;
	ah->seq_no = htonl(XFRM_SKB_CB(skb)->seq);		ah->seq_no = htonl(XFRM_SKB_CB(skb)->seq.output);

	spin_lock_bh(&x->lock);		spin_lock_bh(&x->lock);
	err = ah_mac_digest(ahp, skb, ah->auth_data);		err = ah_mac_digest(ahp, skb, ah->auth_data);

net/ipv4/esp4.c

+3 −2

Original line number	Original line	Diff line number	Diff line
	@@ -199,7 +199,7 @@ static int esp_output(struct xfrm_state x, struct sk_buff skb)
	}		}

	esph->spi = x->id.spi;		esph->spi = x->id.spi;
	esph->seq_no = htonl(XFRM_SKB_CB(skb)->seq);		esph->seq_no = htonl(XFRM_SKB_CB(skb)->seq.output);

	sg_init_table(sg, nfrags);		sg_init_table(sg, nfrags);
	skb_to_sgvec(skb, sg,		skb_to_sgvec(skb, sg,
	@@ -210,7 +210,8 @@ static int esp_output(struct xfrm_state x, struct sk_buff skb)
	aead_givcrypt_set_callback(req, 0, esp_output_done, skb);		aead_givcrypt_set_callback(req, 0, esp_output_done, skb);
	aead_givcrypt_set_crypt(req, sg, sg, clen, iv);		aead_givcrypt_set_crypt(req, sg, sg, clen, iv);
	aead_givcrypt_set_assoc(req, asg, sizeof(*esph));		aead_givcrypt_set_assoc(req, asg, sizeof(*esph));
	aead_givcrypt_set_giv(req, esph->enc_data, XFRM_SKB_CB(skb)->seq);		aead_givcrypt_set_giv(req, esph->enc_data,
			XFRM_SKB_CB(skb)->seq.output);

	ESP_SKB_CB(skb)->tmp = tmp;		ESP_SKB_CB(skb)->tmp = tmp;
	err = crypto_aead_givencrypt(req);		err = crypto_aead_givencrypt(req);

net/ipv6/ah6.c

+1 −1

Original line number	Original line	Diff line number	Diff line
	@@ -283,7 +283,7 @@ static int ah6_output(struct xfrm_state x, struct sk_buff skb)

	ah->reserved = 0;		ah->reserved = 0;
	ah->spi = x->id.spi;		ah->spi = x->id.spi;
	ah->seq_no = htonl(XFRM_SKB_CB(skb)->seq);		ah->seq_no = htonl(XFRM_SKB_CB(skb)->seq.output);

	spin_lock_bh(&x->lock);		spin_lock_bh(&x->lock);
	err = ah_mac_digest(ahp, skb, ah->auth_data);		err = ah_mac_digest(ahp, skb, ah->auth_data);

net/ipv6/esp6.c

+3 −2

Original line number	Original line	Diff line number	Diff line
	@@ -188,7 +188,7 @@ static int esp6_output(struct xfrm_state x, struct sk_buff skb)
	*skb_mac_header(skb) = IPPROTO_ESP;		*skb_mac_header(skb) = IPPROTO_ESP;

	esph->spi = x->id.spi;		esph->spi = x->id.spi;
	esph->seq_no = htonl(XFRM_SKB_CB(skb)->seq);		esph->seq_no = htonl(XFRM_SKB_CB(skb)->seq.output);

	sg_init_table(sg, nfrags);		sg_init_table(sg, nfrags);
	skb_to_sgvec(skb, sg,		skb_to_sgvec(skb, sg,
	@@ -199,7 +199,8 @@ static int esp6_output(struct xfrm_state x, struct sk_buff skb)
	aead_givcrypt_set_callback(req, 0, esp_output_done, skb);		aead_givcrypt_set_callback(req, 0, esp_output_done, skb);
	aead_givcrypt_set_crypt(req, sg, sg, clen, iv);		aead_givcrypt_set_crypt(req, sg, sg, clen, iv);
	aead_givcrypt_set_assoc(req, asg, sizeof(*esph));		aead_givcrypt_set_assoc(req, asg, sizeof(*esph));
	aead_givcrypt_set_giv(req, esph->enc_data, XFRM_SKB_CB(skb)->seq);		aead_givcrypt_set_giv(req, esph->enc_data,
			XFRM_SKB_CB(skb)->seq.output);

	ESP_SKB_CB(skb)->tmp = tmp;		ESP_SKB_CB(skb)->tmp = tmp;
	err = crypto_aead_givencrypt(req);		err = crypto_aead_givencrypt(req);