linux/net
Ilan Tayari 8f92e03ecc esp4/6: Fix GSO path for non-GSO SW-crypto packets
If esp*_offload module is loaded, outbound packets take the
GSO code path, being encapsulated at layer 3, but encrypted
in layer 2. validate_xmit_xfrm calls esp*_xmit for that.

esp*_xmit was wrongfully detecting these packets as going
through hardware crypto offload, while in fact they should
be encrypted in software, causing plaintext leakage to
the network, and also dropping at the receiver side.

Perform the encryption in esp*_xmit, if the SA doesn't have
a hardware offload_handle.

Also, align esp6 code to esp4 logic.

Fixes: fca11ebde3 ("esp4: Reorganize esp_output")
Fixes: 383d0350f2 ("esp6: Reorganize esp_output")
Signed-off-by: Ilan Tayari <ilant@mellanox.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
2017-04-19 07:48:57 +02:00
..
6lowpan 6lowpan: use rb_entry() 2017-01-22 16:46:13 -05:00
9p Merge branch 'work.misc' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2017-03-03 21:44:35 -08:00
802 Replace <asm/uaccess.h> with <linux/uaccess.h> globally 2016-12-24 11:46:01 -08:00
8021q net/8021q: create device with all possible features in wanted_features 2017-03-21 15:26:26 -07:00
appletalk lib/vsprintf.c: remove %Z support 2017-02-27 18:43:47 -08:00
atm neighbour: fix nlmsg_pid in notifications 2017-03-22 10:48:49 -07:00
ax25 net: Work around lockdep limitation in sockets that use sockets 2017-03-09 18:23:27 -08:00
batman-adv This feature/cleanup patchset includes the following patches: 2017-04-06 14:37:50 -07:00
bluetooth net: Work around lockdep limitation in sockets that use sockets 2017-03-09 18:23:27 -08:00
bpf bpf: introduce BPF_PROG_TEST_RUN command 2017-04-01 12:45:57 -07:00
bridge net: break include loop netdevice.h, dsa.h, devlink.h 2017-03-28 22:46:04 -07:00
caif sched/headers: Prepare for new header dependencies before moving code to <linux/sched/signal.h> 2017-03-02 08:42:29 +01:00
can can: initial support for network namespaces 2017-04-04 17:35:58 +02:00
ceph libceph: force GFP_NOIO for socket allocations 2017-03-23 12:03:36 +01:00
core net: Add a xfrm validate function to validate_xmit_skb 2017-04-14 10:07:28 +02:00
dcb
dccp dccp: fix memory leak during tear-down of unsuccessful connection request 2017-03-13 22:00:42 -07:00
decnet Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-03-15 11:59:10 -07:00
dns_resolver Merge branch 'WIP.sched-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2017-03-03 10:16:38 -08:00
dsa net: dsa: Factor bottom tag receive functions 2017-04-08 13:49:36 -07:00
ethernet Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next 2017-02-16 21:25:49 -05:00
hsr net/hsr: use eth_hw_addr_random() 2017-02-21 13:25:22 -05:00
ieee802154 lib/vsprintf.c: remove %Z support 2017-02-27 18:43:47 -08:00
ife net: Introduce ife encapsulation module 2017-02-03 15:16:45 -05:00
ipv4 esp4/6: Fix GSO path for non-GSO SW-crypto packets 2017-04-19 07:48:57 +02:00
ipv6 esp4/6: Fix GSO path for non-GSO SW-crypto packets 2017-04-19 07:48:57 +02:00
ipx ktime: Get rid of the union 2016-12-25 17:21:22 +01:00
irda net: Work around lockdep limitation in sockets that use sockets 2017-03-09 18:23:27 -08:00
iucv net: Work around lockdep limitation in sockets that use sockets 2017-03-09 18:23:27 -08:00
kcm kcm: return immediately after copy_from_user() failure 2017-03-24 13:13:53 -07:00
key xfrm: remove unused struct xfrm_mgr::id 2017-03-24 07:03:12 +01:00
l2tp l2tp: remove l2tp_session_find() 2017-04-11 13:48:09 -04:00
l3mdev
lapb Replace <asm/uaccess.h> with <linux/uaccess.h> globally 2016-12-24 11:46:01 -08:00
llc net: Work around lockdep limitation in sockets that use sockets 2017-03-09 18:23:27 -08:00
mac80211 mac80211: unconditionally start new netdev queues with iTXQ support 2017-03-29 14:20:40 +02:00
mac802154 drivers: add explicit interrupt.h includes 2017-03-30 11:05:34 -07:00
mpls net: mpls: Increase max number of labels for lwt encap 2017-04-01 20:21:44 -07:00
ncsi
netfilter Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-04-06 08:24:51 -07:00
netlabel netlabel: add CALIPSO to the list of built-in protocols 2017-01-06 22:20:45 -05:00
netlink netlink/diag: report flags for netlink sockets 2017-04-05 07:13:56 -07:00
netrom net: Work around lockdep limitation in sockets that use sockets 2017-03-09 18:23:27 -08:00
nfc net: Work around lockdep limitation in sockets that use sockets 2017-03-09 18:23:27 -08:00
openvswitch Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-04-06 08:24:51 -07:00
packet net/packet: fix overflow in check for tp_reserve 2017-03-30 11:04:00 -07:00
phonet net: Work around lockdep limitation in sockets that use sockets 2017-03-09 18:23:27 -08:00
psample net: Introduce psample, a new genetlink channel for packet sampling 2017-01-24 13:44:28 -05:00
qrtr soc: qcom: smd: Transition client drivers from smd to rpmsg 2017-03-28 17:58:07 -07:00
rds rds: tcp: canonical connection order for all paths with index > 0 2017-04-02 19:41:00 -07:00
rfkill rfkill: remove rfkill-regulator 2017-01-24 11:07:35 +01:00
rose net: Work around lockdep limitation in sockets that use sockets 2017-03-09 18:23:27 -08:00
rxrpc rxrpc: Trace client call connection 2017-04-06 11:10:41 +01:00
sched net: sched: choke: remove some dead code 2017-04-05 06:53:42 -07:00
sctp Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-04-06 08:24:51 -07:00
smc net/smc: do not use IB_SEND_INLINE together with mapped data 2017-04-11 23:01:14 -04:00
strparser strparser: destroy workqueue on module exit 2017-03-03 20:43:26 -08:00
sunrpc The restriction of NFSv4 to TCP went overboard and also broke the 2017-04-01 10:43:37 -07:00
switchdev
tipc tipc: allow rdm/dgram socketpairs 2017-03-29 14:10:11 -07:00
unix af_unix: Use designated initializers 2017-04-06 12:43:04 -07:00
vmw_vsock VSOCK: remove unnecessary ternary operator on return value 2017-03-30 11:07:08 -07:00
wimax
wireless cfg80211: check rdev resume callback only for registered wiphy 2017-03-29 09:11:29 +02:00
x25 net: Work around lockdep limitation in sockets that use sockets 2017-03-09 18:23:27 -08:00
xfrm xfrm: Prepare the GRO codepath for hardware offloading. 2017-04-14 10:07:49 +02:00
compat.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2017-02-22 10:15:09 -08:00
Kconfig bpf: make jited programs visible in traces 2017-02-17 13:40:05 -05:00
Makefile bpf: introduce BPF_PROG_TEST_RUN command 2017-04-01 12:45:57 -07:00
socket.c New kernel function to get IP overhead on a socket. 2017-04-06 13:43:31 -07:00
sysctl_net.c