commit: e08df46923d2bd4bbe40265500892faba4167635 Author: Mike Pagano <mpagano <AT> gentoo <DOT> org> AuthorDate: Thu Mar 4 14:51:43 2021 +0000 Commit: Mike Pagano <mpagano <AT> gentoo <DOT> org> CommitDate: Thu Mar 4 14:51:43 2021 +0000 URL: https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=e08df469
Update wireguard patch Signed-off-by: Mike Pagano <mpagano <AT> gentoo.org> 0000_README | 2 +- ... => 2400_wireguard-backport-v1.0.20210304.patch | 247 --------------------- 2 files changed, 1 insertion(+), 248 deletions(-) diff --git a/0000_README b/0000_README index 4e6bf3e..f881b7b 100644 --- a/0000_README +++ b/0000_README @@ -463,7 +463,7 @@ Patch: 2000_BT-Check-key-sizes-only-if-Secure-Simple-Pairing-enabled.patch From: https://lore.kernel.org/linux-bluetooth/[email protected]/raw Desc: Bluetooth: Check key sizes only when Secure Simple Pairing is enabled. See bug #686758 -Patch: 2400_wireguard-backport-v1.0.20210301.patch +Patch: 2400_wireguard-backport-v1.0.20210304.patch From: https://git.zx2c4.com/wireguard-linux/ Desc: Extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography diff --git a/2400_wireguard-backport-v1.0.20210301.patch b/2400_wireguard-backport-v1.0.20210304.patch similarity index 99% rename from 2400_wireguard-backport-v1.0.20210301.patch rename to 2400_wireguard-backport-v1.0.20210304.patch index 88ac1de..1292f3e 100644 --- a/2400_wireguard-backport-v1.0.20210301.patch +++ b/2400_wireguard-backport-v1.0.20210304.patch @@ -36387,253 +36387,6 @@ .byte (.Li - 64) .set .Li, .Li + 1 .endr ---- b/include/linux/icmpv6.h -+++ b/include/linux/icmpv6.h -@@ -3,6 +3,7 @@ - #define _LINUX_ICMPV6_H - - #include <linux/skbuff.h> -+#include <linux/ipv6.h> - #include <uapi/linux/icmpv6.h> - - static inline struct icmp6hdr *icmp6_hdr(const struct sk_buff *skb) -@@ -13,21 +14,41 @@ - #include <linux/netdevice.h> - - #if IS_ENABLED(CONFIG_IPV6) --extern void icmpv6_send(struct sk_buff *skb, u8 type, u8 code, __u32 info); -+extern void __icmpv6_send(struct sk_buff *skb, u8 type, u8 code, __u32 info, -+ const struct inet6_skb_parm *parm); - -+static inline void icmpv6_send(struct sk_buff *skb, u8 type, u8 code, __u32 info) -+{ -+ __icmpv6_send(skb, type, code, info, IP6CB(skb)); -+} - typedef void ip6_icmp_send_t(struct sk_buff *skb, u8 type, u8 code, __u32 info, -- const struct in6_addr *force_saddr); -+ const struct in6_addr *force_saddr, -+ const struct inet6_skb_parm *parm); - extern int inet6_register_icmp_sender(ip6_icmp_send_t *fn); - extern int inet6_unregister_icmp_sender(ip6_icmp_send_t *fn); - int ip6_err_gen_icmpv6_unreach(struct sk_buff *skb, int nhs, int type, - unsigned int data_len); - -+#if IS_ENABLED(CONFIG_NF_NAT) -+void icmpv6_ndo_send(struct sk_buff *skb_in, u8 type, u8 code, __u32 info); -+#else -+static inline void icmpv6_ndo_send(struct sk_buff *skb_in, u8 type, u8 code, __u32 info) -+{ -+ struct inet6_skb_parm parm = { 0 }; -+ __icmpv6_send(skb_in, type, code, info, &parm); -+} -+#endif -+ - #else - - static inline void icmpv6_send(struct sk_buff *skb, - u8 type, u8 code, __u32 info) - { -+} - -+static inline void icmpv6_ndo_send(struct sk_buff *skb, -+ u8 type, u8 code, __u32 info) -+{ - } - #endif - ---- b/include/net/icmp.h -+++ b/include/net/icmp.h -@@ -43,6 +43,16 @@ - __icmp_send(skb_in, type, code, info, &IPCB(skb_in)->opt); - } - -+#if IS_ENABLED(CONFIG_NF_NAT) -+void icmp_ndo_send(struct sk_buff *skb_in, int type, int code, __be32 info); -+#else -+static inline void icmp_ndo_send(struct sk_buff *skb_in, int type, int code, __be32 info) -+{ -+ struct ip_options opts = { 0 }; -+ __icmp_send(skb_in, type, code, info, &opts); -+} -+#endif -+ - int icmp_rcv(struct sk_buff *skb); - int icmp_err(struct sk_buff *skb, u32 info); - int icmp_init(void); ---- b/net/ipv4/icmp.c -+++ b/net/ipv4/icmp.c -@@ -750,6 +750,40 @@ - } - EXPORT_SYMBOL(__icmp_send); - -+#if IS_ENABLED(CONFIG_NF_NAT) -+#include <net/netfilter/nf_conntrack.h> -+void icmp_ndo_send(struct sk_buff *skb_in, int type, int code, __be32 info) -+{ -+ struct sk_buff *cloned_skb = NULL; -+ struct ip_options opts = { 0 }; -+ enum ip_conntrack_info ctinfo; -+ struct nf_conn *ct; -+ __be32 orig_ip; -+ -+ ct = nf_ct_get(skb_in, &ctinfo); -+ if (!ct || !(ct->status & IPS_SRC_NAT)) { -+ __icmp_send(skb_in, type, code, info, &opts); -+ return; -+ } -+ -+ if (skb_shared(skb_in)) -+ skb_in = cloned_skb = skb_clone(skb_in, GFP_ATOMIC); -+ -+ if (unlikely(!skb_in || skb_network_header(skb_in) < skb_in->head || -+ (skb_network_header(skb_in) + sizeof(struct iphdr)) > -+ skb_tail_pointer(skb_in) || skb_ensure_writable(skb_in, -+ skb_network_offset(skb_in) + sizeof(struct iphdr)))) -+ goto out; -+ -+ orig_ip = ip_hdr(skb_in)->saddr; -+ ip_hdr(skb_in)->saddr = ct->tuplehash[0].tuple.src.u3.ip; -+ __icmp_send(skb_in, type, code, info, &opts); -+ ip_hdr(skb_in)->saddr = orig_ip; -+out: -+ consume_skb(cloned_skb); -+} -+EXPORT_SYMBOL(icmp_ndo_send); -+#endif - - static void icmp_socket_deliver(struct sk_buff *skb, u32 info) - { ---- b/net/ipv6/ip6_icmp.c -+++ b/net/ipv6/ip6_icmp.c -@@ -31,7 +31,8 @@ - } - EXPORT_SYMBOL(inet6_unregister_icmp_sender); - --void icmpv6_send(struct sk_buff *skb, u8 type, u8 code, __u32 info) -+void __icmpv6_send(struct sk_buff *skb, u8 type, u8 code, __u32 info, -+ const struct inet6_skb_parm *parm) - { - ip6_icmp_send_t *send; - -@@ -42,7 +43,42 @@ - goto out; -- send(skb, type, code, info, NULL); -+ send(skb, type, code, info, NULL, parm); - out: - rcu_read_unlock(); - } --EXPORT_SYMBOL(icmpv6_send); -+EXPORT_SYMBOL(__icmpv6_send); -+ -+#if IS_ENABLED(CONFIG_NF_NAT) -+#include <net/netfilter/nf_conntrack.h> -+void icmpv6_ndo_send(struct sk_buff *skb_in, u8 type, u8 code, __u32 info) -+{ -+ struct inet6_skb_parm parm = { 0 }; -+ struct sk_buff *cloned_skb = NULL; -+ enum ip_conntrack_info ctinfo; -+ struct in6_addr orig_ip; -+ struct nf_conn *ct; -+ -+ ct = nf_ct_get(skb_in, &ctinfo); -+ if (!ct || !(ct->status & IPS_SRC_NAT)) { -+ __icmpv6_send(skb_in, type, code, info, &parm); -+ return; -+ } -+ -+ if (skb_shared(skb_in)) -+ skb_in = cloned_skb = skb_clone(skb_in, GFP_ATOMIC); -+ -+ if (unlikely(!skb_in || skb_network_header(skb_in) < skb_in->head || -+ (skb_network_header(skb_in) + sizeof(struct ipv6hdr)) > -+ skb_tail_pointer(skb_in) || skb_ensure_writable(skb_in, -+ skb_network_offset(skb_in) + sizeof(struct ipv6hdr)))) -+ goto out; -+ -+ orig_ip = ipv6_hdr(skb_in)->saddr; -+ ipv6_hdr(skb_in)->saddr = ct->tuplehash[0].tuple.src.u3.in6; -+ __icmpv6_send(skb_in, type, code, info, &parm); -+ ipv6_hdr(skb_in)->saddr = orig_ip; -+out: -+ consume_skb(cloned_skb); -+} -+EXPORT_SYMBOL(icmpv6_ndo_send); -+#endif - #endif ---- a/include/linux/ipv6.h -+++ b/include/linux/ipv6.h -@@ -83,7 +83,6 @@ struct ipv6_params { - __s32 autoconf; - }; - extern struct ipv6_params ipv6_defaults; --#include <linux/icmpv6.h> - #include <linux/tcp.h> - #include <linux/udp.h> - ---- a/net/ipv6/icmp.c -+++ b/net/ipv6/icmp.c -@@ -312,10 +312,9 @@ static int icmpv6_getfrag(void *from, char *to, int offset, int len, int odd, st - } - - #if IS_ENABLED(CONFIG_IPV6_MIP6) --static void mip6_addr_swap(struct sk_buff *skb) -+static void mip6_addr_swap(struct sk_buff *skb, const struct inet6_skb_parm *opt) - { - struct ipv6hdr *iph = ipv6_hdr(skb); -- struct inet6_skb_parm *opt = IP6CB(skb); - struct ipv6_destopt_hao *hao; - struct in6_addr tmp; - int off; -@@ -332,7 +331,7 @@ static void mip6_addr_swap(struct sk_buff *skb) - } - } - #else --static inline void mip6_addr_swap(struct sk_buff *skb) {} -+static inline void mip6_addr_swap(struct sk_buff *skb, const struct inet6_skb_parm *opt) {} - #endif - - static struct dst_entry *icmpv6_route_lookup(struct net *net, -@@ -427,7 +426,8 @@ static int icmp6_iif(const struct sk_buff *skb) - * Send an ICMP message in response to a packet in error - */ - static void icmp6_send(struct sk_buff *skb, u8 type, u8 code, __u32 info, -- const struct in6_addr *force_saddr) -+ const struct in6_addr *force_saddr, -+ const struct inet6_skb_parm *parm) - { - struct inet6_dev *idev = NULL; - struct ipv6hdr *hdr = ipv6_hdr(skb); -@@ -520,7 +520,7 @@ static void icmp6_send(struct sk_buff *skb, u8 type, u8 code, __u32 info, - if (!(skb->dev->flags & IFF_LOOPBACK) && !icmpv6_global_allow(net, type)) - goto out_bh_enable; - -- mip6_addr_swap(skb); -+ mip6_addr_swap(skb, parm); - - memset(&fl6, 0, sizeof(fl6)); - fl6.flowi6_proto = IPPROTO_ICMPV6; -@@ -605,7 +605,7 @@ out_bh_enable: - */ - void icmpv6_param_prob(struct sk_buff *skb, u8 code, int pos) - { -- icmp6_send(skb, ICMPV6_PARAMPROB, code, pos, NULL); -+ icmp6_send(skb, ICMPV6_PARAMPROB, code, pos, NULL, IP6CB(skb)); - kfree_skb(skb); - } - -@@ -662,10 +662,10 @@ int ip6_err_gen_icmpv6_unreach(struct sk_buff *skb, int nhs, int type, - } - if (type == ICMP_TIME_EXCEEDED) - icmp6_send(skb2, ICMPV6_TIME_EXCEED, ICMPV6_EXC_HOPLIMIT, -- info, &temp_saddr); -+ info, &temp_saddr, IP6CB(skb2)); - else - icmp6_send(skb2, ICMPV6_DEST_UNREACH, ICMPV6_ADDR_UNREACH, -- info, &temp_saddr); -+ info, &temp_saddr, IP6CB(skb2)); - if (rt) - ip6_rt_put(rt); - --- a/MAINTAINERS +++ b/MAINTAINERS @@ -17584,6 +17584,14 @@ L: [email protected]
