user/sven/linux.git/include/linux/xfrm.h, branch v3.4.15

xfrm_user: ensure user supplied esn replay window is valid

2012-10-12T20:38:41Z

[ Upstream commit ecd7918745234e423dd87fcc0c077da557909720 ] The current code fails to ensure that the netlink message actually contains as many bytes as the header indicates. If a user creates a new state or updates an existing one but does not supply the bytes for the whole ESN replay window, the kernel copies random heap bytes into the replay bitmap, the ones happen to follow the XFRMA_REPLAY_ESN_VAL netlink attribute. This leads to following issues: 1. The replay window has random bits set confusing the replay handling code later on. 2. A malicious user could use this flaw to leak up to ~3.5kB of heap memory when she has access to the XFRM netlink interface (requires CAP_NET_ADMIN). Known users of the ESN replay window are strongSwan and Steffen's iproute2 patch (). The latter uses the interface with a bitmap supplied while the former does not. strongSwan is therefore prone to run into issue 1. To fix both issues without breaking existing userland allow using the XFRMA_REPLAY_ESN_VAL netlink attribute with either an empty bitmap or a fully specified one. For the former case we initialize the in-kernel bitmap with zero, for the latter we copy the user supplied bitmap. For state updates the full bitmap must be supplied. To prevent overflows in the bitmap length calculation the maximum size of bmp_len is limited to 128 by this patch -- resulting in a maximum replay window of 4096 packets. This should be sufficient for all real life scenarios (RFC 4303 recommends a default replay window size of 64). Signed-off-by: Mathias Krause Cc: Steffen Klassert Cc: Martin Willi Cc: Ben Hutchings Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman

xfrm: Add basic infrastructure to support IPsec extended sequence numbers

2011-03-14T03:22:28Z

This patch adds the struct xfrm_replay_state_esn which will be used to support IPsec extended sequence numbers and anti replay windows bigger than 32 packets. Also we add a function that returns the actual size of the xfrm_replay_state_esn, a xfrm netlink atribute and a xfrm state flag for the use of extended sequence numbers. Signed-off-by: Steffen Klassert Acked-by: Herbert Xu Signed-off-by: David S. Miller

ipsec: allow to align IPv4 AH on 32 bits

2011-02-08T22:00:40Z

The Linux IPv4 AH stack aligns the AH header on a 64 bit boundary (like in IPv6). This is not RFC compliant (see RFC4302, Section 3.3.3.2.1), it should be aligned on 32 bits. For most of the authentication algorithms, the ICV size is 96 bits. The AH header alignment on 32 or 64 bits gives the same results. However for SHA-256-128 for instance, the wrong 64 bit alignment results in adding useless padding in IPv4 AH, which is forbidden by the RFC. To avoid breaking backward compatibility, we use a new flag (XFRM_STATE_ALIGN4) do change original behavior. Initial patch from Dang Hongwu and Christophe Gouault . Signed-off-by: Nicolas Dichtel Signed-off-by: David S. Miller

xfrm: Add Traffic Flow Confidentiality padding XFRM attribute

2010-12-10T22:43:58Z

The XFRMA_TFCPAD attribute for XFRM state installation configures Traffic Flow Confidentiality by padding ESP packets to a specified length. Signed-off-by: Martin Willi Acked-by: Herbert Xu Signed-off-by: David S. Miller

xfrm: introduce basic mark infrastructure

2010-02-23T00:19:45Z

Add basic structuring and accessors for xfrm mark Signed-off-by: Jamal Hadi Salim Signed-off-by: David S. Miller

xfrm: Define new XFRM netlink auth attribute with specified truncation bits

2009-11-25T23:48:37Z

The new XFRMA_ALG_AUTH_TRUNC attribute taking a xfrm_algo_auth as argument allows the installation of authentication algorithms with a truncation length specified in userspace, i.e. SHA256 with 128 bit instead of 96 bit truncation. Signed-off-by: Martin Willi Signed-off-by: David S. Miller

net: cleanup include/linux

2009-11-04T17:50:58Z

This cleanup patch puts struct/union/enum opening braces, in first line to ease grep games. struct something { becomes : struct something { Signed-off-by: Eric Dumazet Signed-off-by: David S. Miller

make exported headers use strict posix types

2009-03-26T17:14:14Z

A number of standard posix types are used in exported headers, which is not allowed if __STRICT_KERNEL_NAMES is defined. In order to get rid of the non-__STRICT_KERNEL_NAMES part and to make sane headers the default, we have to change them all to safe types. There are also still some leftovers in reiserfs_fs.h, elfcore.h and coda.h, but these files have not compiled in user space for a long time. This leaves out the various integer types ({u_,u,}int{8,16,32,64}_t), which we take care of separately. Signed-off-by: Arnd Bergmann Acked-by: Mauro Carvalho Chehab Cc: David Airlie Cc: Arnaldo Carvalho de Melo Cc: YOSHIFUJI Hideaki Cc: netdev@vger.kernel.org Cc: linux-ppp@vger.kernel.org Cc: Jaroslav Kysela Cc: Takashi Iwai Cc: David Woodhouse Signed-off-by: H. Peter Anvin Signed-off-by: Ingo Molnar

xfrm: Notify changes in UDP encapsulation via netlink

2008-10-28T23:01:07Z

Add new_mapping() implementation to the netlink xfrm_mgr to notify address/port changes detected in UDP encapsulated ESP packets. Signed-off-by: Martin Willi Signed-off-by: David S. Miller

xfrm: MIGRATE enhancements (draft-ebalard-mext-pfkey-enhanced-migrate)

2008-10-05T20:33:42Z

Provides implementation of the enhancements of XFRM/PF_KEY MIGRATE mechanism specified in draft-ebalard-mext-pfkey-enhanced-migrate-00. Defines associated PF_KEY SADB_X_EXT_KMADDRESS extension and XFRM/netlink XFRMA_KMADDRESS attribute. Signed-off-by: Arnaud Ebalard Signed-off-by: David S. Miller