projects / linux.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: a4a87fa) | patch
xfrm: Add dir validation to "out" data path lookup
authorAntony Antony <antony.antony@secunet.com>
Tue, 30 Apr 2024 07:09:09 +0000 (09:09 +0200)
committerSteffen Klassert <steffen.klassert@secunet.com>
Wed, 1 May 2024 08:05:52 +0000 (10:05 +0200)
commit601a0867f86cbb5e137ce485a7eb60cbf9fc5180
tree2ca97abbe49a1d896fe6bd0a0a0e3e1eba54e762tree | snapshot
parenta4a87fa4e96c7746e009de06a567688fd9af6013commit | diff
xfrm: Add dir validation to "out" data path lookup

Introduces validation for the x->dir attribute within the XFRM output
data lookup path. If the configured direction does not match the expected
direction, output, increment the XfrmOutStateDirError counter and drop
the packet to ensure data integrity and correct flow handling.

grep -vw 0 /proc/net/xfrm_stat
XfrmOutPolError          1
XfrmOutStateDirError     1

Signed-off-by: Antony Antony <antony.antony@secunet.com>
Reviewed-by: Sabrina Dubroca <sd@queasysnail.net>
Reviewed-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Documentation/networking/xfrm_proc.rst diff | blob | history
include/uapi/linux/snmp.h diff | blob | history
net/xfrm/xfrm_policy.c diff | blob | history
net/xfrm/xfrm_proc.c diff | blob | history
ep93xx device tree rework repo: git://git.maquefel.me/linux.git