diff options
| author | Antony Antony <antony.antony@secunet.com> | 2024-04-30 09:09:09 +0200 |
|---|---|---|
| committer | Steffen Klassert <steffen.klassert@secunet.com> | 2024-05-01 10:05:52 +0200 |
| commit | 601a0867f86cbb5e137ce485a7eb60cbf9fc5180 (patch) | |
| tree | 2ca97abbe49a1d896fe6bd0a0a0e3e1eba54e762 /Documentation/networking | |
| parent | xfrm: Add Direction to the SA in or out (diff) | |
| download | linux-601a0867f86cbb5e137ce485a7eb60cbf9fc5180.tar.xz linux-601a0867f86cbb5e137ce485a7eb60cbf9fc5180.zip | |
xfrm: Add dir validation to "out" data path lookup
Introduces validation for the x->dir attribute within the XFRM output
data lookup path. If the configured direction does not match the expected
direction, output, increment the XfrmOutStateDirError counter and drop
the packet to ensure data integrity and correct flow handling.
grep -vw 0 /proc/net/xfrm_stat
XfrmOutPolError 1
XfrmOutStateDirError 1
Signed-off-by: Antony Antony <antony.antony@secunet.com>
Reviewed-by: Sabrina Dubroca <sd@queasysnail.net>
Reviewed-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Diffstat (limited to 'Documentation/networking')
| -rw-r--r-- | Documentation/networking/xfrm_proc.rst | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/Documentation/networking/xfrm_proc.rst b/Documentation/networking/xfrm_proc.rst index 0a771c5a7399..5ac3acf4cf51 100644 --- a/Documentation/networking/xfrm_proc.rst +++ b/Documentation/networking/xfrm_proc.rst @@ -111,3 +111,6 @@ XfrmOutPolError: XfrmOutStateInvalid: State is invalid, perhaps expired + +XfrmOutStateDirError: + State direction mismatch (lookup found an input state on the output path, expected output or no direction) |