This change tests okay in my setup. Thanks very much -Blair
On 06/20/2016 10:59 PM, Steffen Klassert wrote: > On Sat, Jun 18, 2016 at 01:03:36PM +0800, Herbert Xu wrote: >> On Fri, Jun 17, 2016 at 12:24:29PM +0200, Steffen Klassert wrote: >>> On Wed, Jun 15, 2016 at 12:44:54AM +0000, Blair Steven wrote: >>>> The restoration is happening - but being actioned on the wrong location. >>>> >>>> The destination IP address is being saved and restored, and the SPI >>>> being written directly after the destination IP address. From my >>>> understanding though, the ESN shuffling should have saved and restored >>>> the UDP source / dest ports + SPI. >>> Yes, looks like we copy with a wrong offset if udp encapsulation >>> is used, skb_transport_header() does not point to the esp header >>> in this case. Ccing Herbert, he changed this part when switching >>> to the new AEAD interface with >>> commit 7021b2e1cddd ("esp4: Switch to new AEAD interface"). >> Thanks for catching this! >> >> I think rather than changing the transport header (which isn't >> quite right because UDP still is the transport protocol), we can >> just save the offset locally. Something like this: >> >> ---8<--- >> Blair Steven noticed that ESN in conjunction with UDP encapsulation >> is broken because we set the temporary ESP header to the wrong spot. >> >> This patch fixes this by first of all using the right spot, i.e., >> 4 bytes off the real ESP header, and then saving this information >> so that after encryption we can restore it properly. >> >> Fixes: 7021b2e1cddd ("esp4: Switch to new AEAD interface") >> Reported-by: Blair Steven <blair.ste...@alliedtelesis.co.nz> >> Signed-off-by: Herbert Xu <herb...@gondor.apana.org.au> > Looks good. > Blair could you please test this? > > Thanks!