Hosts the 0x221E linux distro kernel. https://universe.0xinfinity.dev/distro/kernel/atom?h=linux-6.2.y 2022-10-19T07:00:53Z 2022-10-19T07:00:53Z Christian Langrock christian.langrock@secunet.com 2022-10-17T06:34:47Z urn:sha1:4b549ccce941798703f159b227aa28c716aa78fa When using GSO it can happen that the wrong seq_hi is used for the last packets before the wrap around. This can lead to double usage of a sequence number. To avoid this, we should serialize this last GSO packet. Fixes: d7dbefc45cf5 ("xfrm: Add xfrm_replay_overflow functions for offloading") Co-developed-by: Steffen Klassert <steffen.klassert@secunet.com> Signed-off-by: Christian Langrock <christian.langrock@secunet.com> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> 2022-08-29T08:20:58Z Sabrina Dubroca sd@queasysnail.net 2022-08-25T15:16:51Z urn:sha1:26dbd66eab8080be51759e48280da04015221e22 Commit 23c7f8d7989e ("net: Fix esp GSO on inter address family tunnels.") is incomplete. It passes to skb_eth_gso_segment the protocol for the outer IP version, instead of the inner IP version, so we end up calling inet_gso_segment on an inner IPv6 packet and ipv6_gso_segment on an inner IPv4 packet and the packets are dropped. This patch completes the fix by selecting the correct protocol based on the inner mode's family. Fixes: c35fe4106b92 ("xfrm: Add mode handlers for IPsec on layer 2") Signed-off-by: Sabrina Dubroca <sd@queasysnail.net> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> 2022-03-07T12:14:04Z Steffen Klassert steffen.klassert@secunet.com 2022-03-07T12:11:41Z urn:sha1:23c7f8d7989e1646aac82f75761b7648c355cb8a The esp tunnel GSO handlers use skb_mac_gso_segment to push the inner packet to the segmentation handlers. However, skb_mac_gso_segment takes the Ethernet Protocol ID from 'skb->protocol' which is wrong for inter address family tunnels. We fix this by introducing a new skb_eth_gso_segment function. This function can be used if it is necessary to pass the Ethernet Protocol ID directly to the segmentation handler. First users of this function will be the esp4 and esp6 tunnel segmentation handlers. Fixes: c35fe4106b92 ("xfrm: Add mode handlers for IPsec on layer 2") Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> 2022-03-07T12:14:03Z Steffen Klassert steffen.klassert@secunet.com 2022-03-07T12:11:40Z urn:sha1:053c8fdf2c930efdff5496960842bbb5c34ad43a The xfrm{4,6}_beet_gso_segment() functions did not correctly set the SKB_GSO_IPXIP4 and SKB_GSO_IPXIP6 gso types for the address family tunneling case. Fix this by setting these gso types. Fixes: 384a46ea7bdc7 ("esp4: add gso_segment for esp4 beet mode") Fixes: 7f9e40eb18a99 ("esp6: add gso_segment for esp6 beet mode") Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> 2021-11-16T13:16:54Z Eric Dumazet edumazet@google.com 2021-11-15T17:05:51Z urn:sha1:4721031c3559db8eae61df305f10c00099a7c1d0 include/linux/netdevice.h became too big, move gro stuff into include/net/gro.h Signed-off-by: Eric Dumazet <edumazet@google.com> Signed-off-by: David S. Miller <davem@davemloft.net> 2021-06-09T07:38:52Z Florian Westphal fw@strlen.de 2021-06-05T10:54:43Z urn:sha1:152bca090243f2aebbf4c0a2aa723ab610e6f3c4 Its set but never read. Reduces size of xfrm_type to 64 bytes on 64bit. Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> 2021-05-14T11:44:39Z Yang Li yang.lee@linux.alibaba.com 2021-04-25T10:14:32Z urn:sha1:335a2a1fcefc948927e8c15636d9dc5d983b8f50 Making '!=' operation with 0 directly after calling the function xfrm_parse_spi() is more efficient, assignment to err is redundant. Eliminate the following clang_analyzer warning: net/ipv4/esp4_offload.c:41:7: warning: Although the value stored to 'err' is used in the enclosing expression, the value is never actually read from 'err' No functional change, only more efficient. Reported-by: Abaci Robot <abaci@linux.alibaba.com> Signed-off-by: Yang Li <yang.lee@linux.alibaba.com> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> 2021-03-29T07:14:12Z Steffen Klassert steffen.klassert@secunet.com 2021-03-26T08:44:48Z urn:sha1:c7dbf4c08868d9db89b8bfe8f8245ca61b01ed2f Commit 94579ac3f6d0 ("xfrm: Fix double ESP trailer insertion in IPsec crypto offload.") added a XFRM_XMIT flag to avoid duplicate ESP trailer insertion on HW offload. This flag is set on the secpath that is shared amongst segments. This lead to a situation where some segments are not transformed correctly when segmentation happens at layer 3. Fix this by using private skb extensions for segmented and hw offloaded ESP packets. Fixes: 94579ac3f6d0 ("xfrm: Fix double ESP trailer insertion in IPsec crypto offload.") Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> 2021-03-22T06:43:31Z Xin Long lucien.xin@gmail.com 2021-03-19T07:35:07Z urn:sha1:154deab6a3ba47792936edf77f2f13a1cbc4351d Now in esp4/6_gso_segment(), before calling inner proto .gso_segment, NETIF_F_CSUM_MASK bits are deleted, as HW won't be able to do the csum for inner proto due to the packet encrypted already. So the UDP/TCP packet has to do the checksum on its own .gso_segment. But SCTP is using CRC checksum, and for that NETIF_F_SCTP_CRC should be deleted to make SCTP do the csum in own .gso_segment as well. In Xiumei's testing with SCTP over IPsec/veth, the packets are kept dropping due to the wrong CRC checksum. Reported-by: Xiumei Mu <xmu@redhat.com> Fixes: 7862b4058b9f ("esp: Add gso handlers for esp4 and esp6") Signed-off-by: Xin Long <lucien.xin@gmail.com> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> 2021-01-27T10:49:55Z Jiapeng Zhong abaci-bugfix@linux.alibaba.com 2021-01-25T06:41:46Z urn:sha1:0c87b1ac604518a0d3f527080c6883d5c2402fb4 Fix the following coccicheck warnings: ./net/ipv4/esp4_offload.c:288:32-34: WARNING !A || A && B is equivalent to !A || B. Reported-by: Abaci Robot <abaci@linux.alibaba.com> Signed-off-by: Jiapeng Zhong <abaci-bugfix@linux.alibaba.com> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>