diff options
| author |  Antony Antony <antony.antony@secunet.com>
| 2024-04-30 09:09:29 +0200 |
|---|---|---|
| committer |  Steffen Klassert <steffen.klassert@secunet.com>
| 2024-05-01 10:06:27 +0200 |
| commit | 304b44f0d5a4c2f91f82f7c31538d00485fb484c (patch) | |
| tree | cf8a804020173cc515fe9d0f78ef419ee703f2fc /Documentation/networking | |
| parent | xfrm: Add dir validation to "out" data path lookup (diff) | |
| download | linux-304b44f0d5a4c2f91f82f7c31538d00485fb484c.tar.gz linux-304b44f0d5a4c2f91f82f7c31538d00485fb484c.tar.bz2 linux-304b44f0d5a4c2f91f82f7c31538d00485fb484c.zip | |
xfrm: Add dir validation to "in" data path lookup
Introduces validation for the x->dir attribute within the XFRM input
data lookup path. If the configured direction does not match the
expected direction, input, increment the XfrmInStateDirError counter
and drop the packet to ensure data integrity and correct flow handling.
grep -vw 0 /proc/net/xfrm_stat
XfrmInStateDirError 1
Signed-off-by: Antony Antony <antony.antony@secunet.com>
Reviewed-by: Sabrina Dubroca <sd@queasysnail.net>
Reviewed-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Diffstat (limited to 'Documentation/networking')
| -rw-r--r-- | Documentation/networking/xfrm_proc.rst | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/Documentation/networking/xfrm_proc.rst b/Documentation/networking/xfrm_proc.rst index 5ac3acf4cf51..973d1571acac 100644 --- a/Documentation/networking/xfrm_proc.rst +++ b/Documentation/networking/xfrm_proc.rst @@ -73,6 +73,9 @@ XfrmAcquireError: XfrmFwdHdrError: Forward routing of a packet is not allowed +XfrmInStateDirError: + State direction mismatch (lookup found an output state on the input path, expected input or no direction) + Outbound errors ~~~~~~~~~~~~~~~ XfrmOutError: |