netdev.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* Subject: [PATCH net] drivers: net: mlx5: Fix *_ipsec_offload_ok(): Use, ip_hdr family
@ 2020-10-26 14:47 Christian Langrock
  0 siblings, 0 replies; only message in thread
From: Christian Langrock @ 2020-10-26 14:47 UTC (permalink / raw)
  To: David S. Miller, netdev, borisp, saeedm, leon, kuba


[-- Attachment #1.1: Type: text/plain, Size: 1897 bytes --]

Xfrm_dev_offload_ok() is called with the unencrypted SKB. So in case of
interfamily ipsec traffic (IPv4-in-IPv6 and IPv6 in IPv4) the check
assumes the wrong family of the skb (IP family of the state).
With this patch the ip header of the SKB is used to determine the
family.

Signed-off-by: Christian Langrock <christian.langrock@secunet.com>
---
 drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c
b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c
index 3d45341e2216..0bab1ceb745c 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c
@@ -460,7 +460,7 @@ void mlx5e_ipsec_cleanup(struct mlx5e_priv *priv)
 
 static bool mlx5e_ipsec_offload_ok(struct sk_buff *skb, struct
xfrm_state *x)
 {
-       if (x->props.family == AF_INET) {
+       if (ip_hdr(skb)->version == 4) {
                /* Offload with IPv4 options is not supported yet */
                if (ip_hdr(skb)->ihl > 5)
                        return false;
-- 
2.29.1.1.g2e673356ae

-- 
Dipl.-Inf.(FH) Christian Langrock
Senior Consultant
Network & Client Security
Division Public Authorities
secunet Security Networks AG 


Phone: +49 201 5454-3833 
E-Mail: christian.langrock@secunet.com

Ammonstraße 74 
01067 Dresden, Germany
www.secunet.com

______________________________________________________________________

Registered at: Kurfuerstenstrasse 58, 45138 Essen, Germany 
Amtsgericht Essen HRB 13615
Management Board: Dr Rainer Baumgart (CEO), Thomas Pleines 
Chairman of Supervisory Board: Ralf Wintergerst
______________________________________________________________________



[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 473 bytes --]

^ permalink raw reply related	[flat|nested] only message in thread
only message in thread, other threads:[~2020-10-26 14:48 UTC | newest]

Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-10-26 14:47 Subject: [PATCH net] drivers: net: mlx5: Fix *_ipsec_offload_ok(): Use, ip_hdr family Christian Langrock

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).