linux/net/ipv4
sewookseo e22aa14866 net: Find dst with sk's xfrm policy not ctl_sk

If we set XFRM security policy by calling setsockopt with option
IPV6_XFRM_POLICY, the policy will be stored in 'sock_policy' in 'sock'
struct. However tcp_v6_send_response doesn't look up dst_entry with the
actual socket but looks up with tcp control socket. This may cause a
problem that a RST packet is sent without ESP encryption & peer's TCP
socket can't receive it.
This patch will make the function look up dest_entry with actual socket,
if the socket has XFRM policy(sock_policy), so that the TCP response
packet via this function can be encrypted, & aligned on the encrypted
TCP socket.

Tested: We encountered this problem when a TCP socket which is encrypted
in ESP transport mode encryption, receives challenge ACK at SYN_SENT
state. After receiving challenge ACK, TCP needs to send RST to
establish the socket at next SYN try. But the RST was not encrypted &
peer TCP socket still remains on ESTABLISHED state.
So we verified this with test step as below.
[Test step]
1. Making a TCP state mismatch between client(IDLE) & server(ESTABLISHED).
2. Client tries a new connection on the same TCP ports(src & dst).
3. Server will return challenge ACK instead of SYN,ACK.
4. Client will send RST to server to clear the SOCKET.
5. Client will retransmit SYN to server on the same TCP ports.
[Expected result]
The TCP connection should be established.

Cc: Maciej Żenczykowski <maze@google.com>
Cc: Eric Dumazet <edumazet@google.com>
Cc: Steffen Klassert <steffen.klassert@secunet.com>
Cc: Sehee Lee <seheele@google.com>
Signed-off-by: Sewook Seo <sewookseo@google.com>
Reviewed-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2022-07-11 13:39:56 +01:00
bpfilter
netfilter Merge git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf-next 2022-05-16 10:10:37 +01:00
af_inet.c net: Introduce a new proto_ops ->read_skb() 2022-06-20 14:05:52 +02:00
ah4.c
arp.c net, neigh: introduce interval_probe_time_ms for periodic probe 2022-06-30 13:14:35 +02:00
bpf_tcp_ca.c bpf: Require only one of cong_avoid() and cong_control() from a TCP CC 2022-06-23 09:49:57 -07:00
cipso_ipv4.c
datagram.c ipv4: Avoid using RTO_ONLINK with ip_route_connect(). 2022-04-22 13:06:03 +01:00
devinet.c net: rename reference+tracking helpers 2022-06-09 21:52:55 -07:00
esp4_offload.c net: Fix esp GSO on inter address family tunnels. 2022-03-07 13:14:04 +01:00
esp4.c net: helper function skb_len_add 2022-06-24 16:24:38 -07:00
fib_frontend.c ipv4: remove unnecessary type castings 2022-04-30 15:12:58 +01:00
fib_lookup.h Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2022-02-17 11:44:20 -08:00
fib_notifier.c
fib_rules.c ipv4: remove unnecessary type castings 2022-04-30 15:12:58 +01:00
fib_semantics.c net: rename reference+tracking helpers 2022-06-09 21:52:55 -07:00
fib_trie.c ipv4: remove unnecessary type castings 2022-04-30 15:12:58 +01:00
fou.c fou: Remove XRFM from NET_FOU Kconfig 2022-04-12 14:56:33 -07:00
gre_demux.c
gre_offload.c gro: remove rcu_read_lock/rcu_read_unlock from gro_complete handlers 2021-11-24 17:21:42 -08:00
icmp.c ipv4: remove unnecessary type castings 2022-04-30 15:12:58 +01:00
igmp.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2022-05-05 13:03:18 -07:00
inet_connection_sock.c Revert "net: Add a second bind table hashed by port and address" 2022-06-16 11:07:59 -07:00
inet_diag.c net: inet: Retire port only listening_hash 2022-05-12 16:52:18 -07:00
inet_fragment.c ipv4: remove unnecessary type castings 2022-04-30 15:12:58 +01:00
inet_hashtables.c Revert "net: Add a second bind table hashed by port and address" 2022-06-16 11:07:59 -07:00
inet_timewait_sock.c Revert "tcp/dccp: get rid of inet_twsk_purge()" 2022-05-13 12:24:12 +01:00
inetpeer.c
ip_forward.c net: ip: add skb drop reasons to ip forwarding 2022-04-13 13:09:57 +01:00
ip_fragment.c net: ip: Handle delivery_time in ip defrag 2022-03-03 14:38:48 +00:00
ip_gre.c erspan: do not assume transport header is always set 2022-06-20 10:00:55 +01:00
ip_input.c net-core: rx_otherhost_dropped to core_stats 2022-04-07 20:32:49 -07:00
ip_options.c ipv4: drop fragmentation code from ip_options_build() 2022-01-29 17:53:07 +00:00
ip_output.c net: Find dst with sk's xfrm policy not ctl_sk 2022-07-11 13:39:56 +01:00
ip_sockglue.c ipv4: Exposing __ip_sock_set_tos() in ip.h 2021-11-20 14:11:00 +00:00
ip_tunnel_core.c tunnels: do not assume mac header is set in skb_tunnel_check_pmtu() 2022-06-27 11:50:30 +01:00
ip_tunnel.c net: Handle l3mdev in ip_tunnel_init_flow 2022-04-15 14:27:30 -07:00
ip_vti.c
ipcomp.c
ipconfig.c net: ipconfig: use strscpy to replace strlcpy 2022-07-04 10:28:00 +01:00
ipip.c
ipmr_base.c ipmr: adopt rcu_read_lock() in mr_dump() 2022-06-24 11:34:38 +01:00
ipmr.c ipmr: fix a lockdep splat in ipmr_rtm_dumplink() 2022-06-27 12:01:01 +01:00
Kconfig fou: Remove XRFM from NET_FOU Kconfig 2022-04-12 14:56:33 -07:00
Makefile
metrics.c
netfilter.c netfilter: Use l3mdev flow key when re-routing mangled packets 2022-05-16 13:03:29 +02:00
netlink.c
nexthop.c nexthop: change nexthop_net_exit() to nexthop_net_exit_batch() 2022-02-08 20:41:33 -08:00
ping.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2022-06-23 12:33:24 -07:00
proc.c tcp: allocate tcp_death_row outside of struct netns_ipv4 2022-01-26 19:00:31 -08:00
protocol.c
raw_diag.c raw: complete rcu conversion 2022-06-21 11:38:29 +02:00
raw.c raw: fix a typo in raw_icmp_error() 2022-06-24 22:48:33 -07:00
route.c net: rename reference+tracking helpers 2022-06-09 21:52:55 -07:00
syncookies.c tcp: make sure treq->af_specific is initialized 2022-04-25 12:10:11 +01:00
sysctl_net_ipv4.c net: sysctl: introduce sysctl SYSCTL_THREE 2022-05-03 10:15:06 +02:00
tcp_bbr.c net: allow gso_max_size to exceed 65536 2022-05-16 10:18:55 +01:00
tcp_bic.c tcp: add accessors to read/set tp->snd_cwnd 2022-04-06 12:05:41 -07:00
tcp_bpf.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2022-06-23 12:33:24 -07:00
tcp_cdg.c tcp: add accessors to read/set tp->snd_cwnd 2022-04-06 12:05:41 -07:00
tcp_cong.c tcp: Add tracepoint for tcp_set_ca_state 2022-04-07 20:33:15 -07:00
tcp_cubic.c tcp_cubic: make hystart_ack_delay() aware of BIG TCP 2022-05-16 10:18:56 +01:00
tcp_dctcp.c tcp: add accessors to read/set tp->snd_cwnd 2022-04-06 12:05:41 -07:00
tcp_dctcp.h
tcp_diag.c
tcp_fastopen.c
tcp_highspeed.c tcp: add accessors to read/set tp->snd_cwnd 2022-04-06 12:05:41 -07:00
tcp_htcp.c tcp: add accessors to read/set tp->snd_cwnd 2022-04-06 12:05:41 -07:00
tcp_hybla.c tcp: add accessors to read/set tp->snd_cwnd 2022-04-06 12:05:41 -07:00
tcp_illinois.c tcp: add accessors to read/set tp->snd_cwnd 2022-04-06 12:05:41 -07:00
tcp_input.c Merge https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next 2022-06-17 19:35:19 -07:00
tcp_ipv4.c net: Find dst with sk's xfrm policy not ctl_sk 2022-07-11 13:39:56 +01:00
tcp_lp.c tcp: add accessors to read/set tp->snd_cwnd 2022-04-06 12:05:41 -07:00
tcp_metrics.c tcp: add accessors to read/set tp->snd_cwnd 2022-04-06 12:05:41 -07:00
tcp_minisocks.c tcp: md5: incorrect tcp_header_len for incoming connections 2022-04-22 15:05:59 -07:00
tcp_nv.c tcp: add accessors to read/set tp->snd_cwnd 2022-04-06 12:05:41 -07:00
tcp_offload.c net: move gro definitions to include/net/gro.h 2021-11-16 13:16:54 +00:00
tcp_output.c tcp: fix over estimation in sk_forced_mem_schedule() 2022-06-17 10:03:42 +01:00
tcp_rate.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2022-04-28 13:02:01 -07:00
tcp_recovery.c tcp: use tcp_skb_sent_after() instead in RACK 2022-04-30 13:56:46 +01:00
tcp_scalable.c tcp: add accessors to read/set tp->snd_cwnd 2022-04-06 12:05:41 -07:00
tcp_timer.c net: keep sk->sk_forward_alloc as small as possible 2022-06-10 16:21:27 -07:00
tcp_ulp.c
tcp_vegas.c tcp: add accessors to read/set tp->snd_cwnd 2022-04-06 12:05:41 -07:00
tcp_vegas.h
tcp_veno.c tcp: add accessors to read/set tp->snd_cwnd 2022-04-06 12:05:41 -07:00
tcp_westwood.c tcp: add accessors to read/set tp->snd_cwnd 2022-04-06 12:05:41 -07:00
tcp_yeah.c tcp: add accessors to read/set tp->snd_cwnd 2022-04-06 12:05:41 -07:00
tcp.c Merge https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next 2022-07-09 12:24:16 -07:00
tunnel4.c
udp_bpf.c net: remove noblock parameter from recvmsg() entities 2022-04-12 15:00:25 +02:00
udp_diag.c
udp_impl.h net: remove noblock parameter from recvmsg() entities 2022-04-12 15:00:25 +02:00
udp_offload.c gro: remove rcu_read_lock/rcu_read_unlock from gro_complete handlers 2021-11-24 17:21:42 -08:00
udp_tunnel_core.c
udp_tunnel_nic.c udp_tunnel: Fix end of loop test in udp_tunnel_nic_unregister() 2022-02-23 12:35:00 +00:00
udp_tunnel_stub.c
udp.c skmsg: Get rid of skb_clone() 2022-06-20 14:05:52 +02:00
udplite.c net: add per_cpu_fw_alloc field to struct proto 2022-06-10 16:21:26 -07:00
xfrm4_input.c
xfrm4_output.c
xfrm4_policy.c net: rename reference+tracking helpers 2022-06-09 21:52:55 -07:00
xfrm4_protocol.c net: xfrm: unexport __init-annotated xfrm4_protocol_init() 2022-06-08 10:10:13 -07:00
xfrm4_state.c
xfrm4_tunnel.c