tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom

xfrm: Move the test on replay window size into the replay check functions

As it is, the replay check is just performed if the replay window of the
legacy implementation is nonzero. So we move the test on a nonzero replay
window inside the replay check functions to be sure we are testing for the
right implementation.

Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Acked-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>

authored by Steffen Klassert and committed by David S. Miller 36ae0148 72f49050

+16 -3
unified split
+1 -1
net/xfrm/xfrm_input.c
··· 173 goto drop_unlock; 174 } 175 176 - if (x->props.replay_window && x->repl->check(x, skb, seq)) { 177 XFRM_INC_STATS(net, LINUX_MIB_XFRMINSTATESEQERROR); 178 goto drop_unlock; 179 }
··· 173 goto drop_unlock; 174 } 175 176 + if (x->repl->check(x, skb, seq)) { 177 XFRM_INC_STATS(net, LINUX_MIB_XFRMINSTATESEQERROR); 178 goto drop_unlock; 179 }
+15 -2
net/xfrm/xfrm_replay.c
··· 118 u32 diff; 119 u32 seq = ntohl(net_seq); 120 121 if (unlikely(seq == 0)) 122 goto err; 123 ··· 196 { 197 unsigned int bitnr, nr; 198 struct xfrm_replay_state_esn *replay_esn = x->replay_esn; 199 u32 seq = ntohl(net_seq); 200 u32 diff = replay_esn->seq - seq; 201 - u32 pos = (replay_esn->seq - 1) % replay_esn->replay_window; 202 203 if (unlikely(seq == 0)) 204 goto err; ··· 381 unsigned int bitnr, nr; 382 u32 diff; 383 struct xfrm_replay_state_esn *replay_esn = x->replay_esn; 384 u32 seq = ntohl(net_seq); 385 - u32 pos = (replay_esn->seq - 1) % replay_esn->replay_window; 386 u32 wsize = replay_esn->replay_window; 387 u32 top = replay_esn->seq; 388 u32 bottom = top - wsize + 1; 389 390 if (unlikely(seq == 0 && replay_esn->seq_hi == 0 && 391 (replay_esn->seq < replay_esn->replay_window - 1)))
··· 118 u32 diff; 119 u32 seq = ntohl(net_seq); 120 121 + if (!x->props.replay_window) 122 + return 0; 123 + 124 if (unlikely(seq == 0)) 125 goto err; 126 ··· 193 { 194 unsigned int bitnr, nr; 195 struct xfrm_replay_state_esn *replay_esn = x->replay_esn; 196 + u32 pos; 197 u32 seq = ntohl(net_seq); 198 u32 diff = replay_esn->seq - seq; 199 + 200 + if (!replay_esn->replay_window) 201 + return 0; 202 + 203 + pos = (replay_esn->seq - 1) % replay_esn->replay_window; 204 205 if (unlikely(seq == 0)) 206 goto err; ··· 373 unsigned int bitnr, nr; 374 u32 diff; 375 struct xfrm_replay_state_esn *replay_esn = x->replay_esn; 376 + u32 pos; 377 u32 seq = ntohl(net_seq); 378 u32 wsize = replay_esn->replay_window; 379 u32 top = replay_esn->seq; 380 u32 bottom = top - wsize + 1; 381 + 382 + if (!wsize) 383 + return 0; 384 + 385 + pos = (replay_esn->seq - 1) % replay_esn->replay_window; 386 387 if (unlikely(seq == 0 && replay_esn->seq_hi == 0 && 388 (replay_esn->seq < replay_esn->replay_window - 1)))