linux-uconsole/include/net
Steffen Klassert 7218addc4b xfrm: Workaround incompatibility of ESN and async crypto
[ Upstream commit 3b59df46a4 ]

ESN for esp is defined in RFC 4303. This RFC assumes that the
sequence number counters are always up to date. However,
this is not true if an async crypto algorithm is employed.

If the sequence number counters are not up to date on sequence
number check, we may incorrectly update the upper 32 bits of
the sequence number. This leads to a DOS.

We work around this by comparing the upper sequence number
(used for authentication) with the upper sequence number
computed after the async processing. We drop the packet
if these numbers are different.

To do this, we introduce a recheck function that does this
check in the ESN case.

Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Acked-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2012-10-13 05:28:03 +09:00
9p fs/9p: Use protocol-defined value for lock/getlock 'type' field. 2011-10-03 11:40:22 -07:00
bluetooth Bluetooth: hci_core: fix NULL-pointer dereference at unregister 2012-04-22 16:21:42 -07:00
caif caif: Update documentation of CAIF transmit and receive functions. 2011-05-22 20:11:48 -04:00
irda Fix common misspellings 2011-03-31 11:26:23 -03:00
iucv Fix common misspellings 2011-03-31 11:26:23 -03:00
netfilter netfilter: nf_nat: avoid double seq_adjust for loopback 2011-06-16 17:29:22 +02:00
netns netns: Fail conspicously if someone uses net_generic at an inappropriate time. 2012-02-03 09:19:03 -08:00
phonet net: dont hold rtnl mutex during netlink dump callbacks 2011-05-02 15:26:28 -07:00
sctp sctp: check cached dst before using it 2012-06-10 00:33:03 +09:00
tc_act net/sched: add ACT_CSUM action to update packets checksums 2010-08-20 01:42:59 -07:00
act_api.h pkt_sched: gen_kill_estimator() rcu fixes 2010-06-11 18:37:08 -07:00
addrconf.h net: Remove __KERNEL__ cpp checks from include/net 2011-04-24 10:54:56 -07:00
af_ieee802154.h
af_rxrpc.h net: Remove __KERNEL__ cpp checks from include/net 2011-04-24 10:54:56 -07:00
af_unix.h net: Remove __KERNEL__ cpp checks from include/net 2011-04-24 10:54:56 -07:00
ah.h ipsec: update MAX_AH_AUTH_LEN to support sha512 2011-01-13 21:48:25 -08:00
arp.h net: fix NULL dereferences in check_peer_redir() 2012-02-13 11:06:13 -08:00
atmclip.h net: Remove __KERNEL__ cpp checks from include/net 2011-04-24 10:54:56 -07:00
ax25.h
ax88796.h
cfg80211.h mac80211: fix rx->key NULL dereference during mic failure 2011-06-27 14:45:25 -04:00
checksum.h
cipso_ipv4.h cipso: handle CIPSO options correctly when NetLabel is disabled 2012-07-16 08:47:36 -07:00
cls_cgroup.h Merge commit 'v2.6.36-rc7' into core/rcu 2010-10-07 09:43:45 +02:00
compat.h net: Add sendmmsg socket system call 2011-05-05 11:10:14 -07:00
datalink.h
dcbevent.h net_dcb: add application notifiers 2010-12-31 10:47:46 -08:00
dcbnl.h dcbnl: add support for retrieving peer configuration - cee 2011-03-02 21:58:55 -08:00
dn.h decnet: Convert to use flowidn where applicable. 2011-03-12 15:08:55 -08:00
dn_dev.h decnet: RCU conversion and get rid of dev_base_lock 2010-11-08 13:50:08 -08:00
dn_fib.h decnet: Convert to use flowidn where applicable. 2011-03-12 15:08:55 -08:00
dn_neigh.h
dn_nsp.h net: use __packed annotation 2010-06-03 03:21:52 -07:00
dn_route.h decnet: Convert to use flowidn where applicable. 2011-03-12 15:08:55 -08:00
dsa.h
dsfield.h
dst.h ipv6: fix incorrect ipsec fragment 2012-06-10 00:33:02 +09:00
dst_ops.h net: Implement read-only protection and COW'ing of metrics. 2011-01-26 20:51:05 -08:00
esp.h
ethoc.h
fib_rules.h fib_rules: __rcu annotates ctarget 2010-10-27 11:37:32 -07:00
flow.h ipv4: reset flowi parameters on route connect 2012-02-29 16:34:03 -08:00
garp.h garp: remove last synchronize_rcu() call 2011-05-12 17:46:56 -04:00
gen_stats.h Fix common misspellings 2011-03-31 11:26:23 -03:00
genetlink.h treewide: fix a few typos in comments 2011-05-10 10:16:21 +02:00
gre.h PPTP: PPP over IPv4 (Point-to-Point Tunneling Protocol) 2010-08-21 23:05:39 -07:00
icmp.h inetpeer: Move ICMP rate limiting state into inet_peer entries. 2011-02-04 15:59:53 -08:00
ieee80211_radiotap.h mac80211: add MCS information to radiotap 2011-01-28 15:44:29 -05:00
ieee802154.h
ieee802154_netdev.h
if_inet6.h ipv6: reduce per device ICMP mib sizes 2011-05-19 16:21:22 -04:00
inet6_connection_sock.h inet: Pass flowi to ->queue_xmit(). 2011-05-08 15:28:28 -07:00
inet6_hashtables.h
inet_common.h inet, inet6: make tcp_sendmsg() and tcp_sendpage() through inet_sendmsg() and inet_sendpage() 2010-07-12 20:21:46 -07:00
inet_connection_sock.h ipv4: Make caller provide flowi4 key to inet_csk_route_req(). 2011-05-18 18:32:03 -04:00
inet_ecn.h ipv6: restore correct ECN handling on TCP xmit 2011-05-12 18:52:14 -04:00
inet_frag.h fragment: add fast path for in-order fragments 2010-06-30 13:44:29 -07:00
inet_hashtables.h tproxy: fix hash locking issue when using port redirection in __inet_inherit_port() 2010-10-21 13:06:43 +02:00
inet_sock.h ipv4: Save nexthop address of LSRR/SSRR option to IPCB. 2012-02-29 16:34:02 -08:00
inet_timewait_sock.h net: optimize INET input path further 2010-12-09 20:05:58 -08:00
inetpeer.h inet: constify ip headers and in6_addr 2011-04-22 11:04:14 -07:00
ip.h ipv4: Pass explicit daddr arg to ip_send_reply(). 2011-05-10 13:32:46 -07:00
ip6_checksum.h
ip6_fib.h net: Remove __KERNEL__ cpp checks from include/net 2011-04-24 10:54:56 -07:00
ip6_route.h net: Remove __KERNEL__ cpp checks from include/net 2011-04-24 10:54:56 -07:00
ip6_tunnel.h tunnels: add _rcu annotations 2010-10-25 13:09:45 -07:00
ip_fib.h ipv4: Call fib_select_default() only when actually necessary. 2011-04-14 15:05:22 -07:00
ip_vs.h IPVS: bug in ip_vs_ftp, same list heaad used in all netns. 2011-05-27 13:37:46 +02:00
ipcomp.h
ipconfig.h
ipip.h tunnels: add __rcu annotations 2010-10-27 11:37:32 -07:00
ipv6.h ipv6: fix NULL dereference in udp6_ufo_fragment() 2011-10-16 14:14:54 -07:00
ipx.h net: Remove __KERNEL__ cpp checks from include/net 2011-04-24 10:54:56 -07:00
iw_handler.h Fix common misspellings 2011-03-31 11:26:23 -03:00
lapb.h
lib80211.h lib80211: remove unused host_build_iv option 2010-07-26 15:09:04 -04:00
llc.h
llc_c_ac.h
llc_c_ev.h
llc_c_st.h
llc_conn.h
llc_if.h
llc_pdu.h bonding,llc: Fix structure sizeof incompatibility for some PDUs 2011-05-13 15:13:24 -04:00
llc_s_ac.h
llc_s_ev.h
llc_s_st.h
llc_sap.h
mac80211.h Merge ssh://master.kernel.org/pub/scm/linux/kernel/git/linville/wireless-next-2.6 into for-davem 2011-05-24 16:47:54 -04:00
mip6.h net: use __packed annotation 2010-06-03 03:21:52 -07:00
mld.h ipv6 mcast: Introduce include/net/mld.h for MLD definitions. 2010-04-23 13:35:55 +09:00
ndisc.h net: Remove __KERNEL__ cpp checks from include/net 2011-04-24 10:54:56 -07:00
neighbour.h Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2010-11-19 13:13:47 -08:00
net_namespace.h Delay struct net freeing while there's a sysfs instance refering to it 2011-06-12 17:45:41 -04:00
net_ratelimit.h net: Kill ratelimit.h dependency in linux/net.h 2011-05-27 13:41:33 -04:00
netdma.h
netevent.h net: Remove __KERNEL__ cpp checks from include/net 2011-04-24 10:54:56 -07:00
netlabel.h
netlink.h treewide: fix a few typos in comments 2011-05-10 10:16:21 +02:00
netrom.h
nexthop.h
nl802154.h
p8022.h
ping.h net: ping: fix build failure 2011-05-17 14:16:58 -04:00
pkt_cls.h net: Fix range checks in tcf_valid_offset(). 2010-12-21 12:43:16 -08:00
pkt_sched.h Fix common misspellings 2011-03-31 11:26:23 -03:00
protocol.h net: change netdev->features to u32 2011-01-24 15:32:47 -08:00
psnap.h
raw.h include/net/raw.h: Convert raw_seq_private macro to inline 2010-09-08 13:42:22 -07:00
rawv6.h net: Remove __KERNEL__ cpp checks from include/net 2011-04-24 10:54:56 -07:00
red.h sched: remove unused backlog in RED stats 2011-01-12 19:00:39 -08:00
regulatory.h cfg80211: Fix regulatory bug with multiple cards and delays 2010-11-22 15:48:51 -05:00
request_sock.h
rose.h rose: Add length checks to CALL_REQUEST parsing 2011-03-27 17:59:04 -07:00
route.h ipv4: reset flowi parameters on route connect 2012-02-29 16:34:03 -08:00
rtnetlink.h rtnl: make link af-specific updates atomic 2010-11-27 22:56:08 -08:00
sch_generic.h bonding: Fix corrupted queue_mapping 2012-07-16 08:47:37 -07:00
scm.h scm: lower SCM_MAX_FD 2010-11-24 11:16:43 -08:00
secure_seq.h net: Compute protocol sequence numbers and fragment IDs using MD5. 2011-08-15 18:31:35 -07:00
slhc_vj.h
snmp.h ipv6: reduce per device ICMP mib sizes 2011-05-19 16:21:22 -04:00
sock.h tcp: Apply device TSO segment limit earlier 2012-10-02 09:47:04 -07:00
stp.h
tcp.h tcp: Remove debug macro of TCP_CHECK_TIMER 2011-02-20 11:10:14 -08:00
tcp_states.h
timewait_sock.h timewait_sock: Create and use getpeer op. 2010-12-01 18:09:13 -08:00
transp_v6.h ipv6: make fragment identifications less predictable 2011-08-15 18:31:37 -07:00
udp.h udp: Switch to ip_finish_skb 2011-03-01 12:35:03 -08:00
udplite.h udp: Switch to ip_finish_skb 2011-03-01 12:35:03 -08:00
wext.h
wimax.h net: Remove __KERNEL__ cpp checks from include/net 2011-04-24 10:54:56 -07:00
wpan-phy.h Fix common misspellings 2011-03-31 11:26:23 -03:00
x25.h X25 remove bkl in subscription ioctls 2010-11-28 11:12:20 -08:00
x25device.h X25: Add if_x25.h and x25 to device identifiers 2010-04-22 16:12:36 -07:00
xfrm.h xfrm: Workaround incompatibility of ESN and async crypto 2012-10-13 05:28:03 +09:00