Received: by 2002:a25:86ce:0:0:0:0:0 with SMTP id y14csp1724179ybm; Tue, 21 May 2019 20:19:39 -0700 (PDT) X-Google-Smtp-Source: APXvYqxa2swoGpTIPLJM1U8Gr6BceAwz1viewVEVzbzoNurZIWc2il3o4k709qyZjQfskzLhNhYs X-Received: by 2002:a17:902:8214:: with SMTP id x20mr65050682pln.308.1558495179525; Tue, 21 May 2019 20:19:39 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1558495179; cv=none; d=google.com; s=arc-20160816; b=hNzG1VmDs1M2qIpqJ9JLoRJ/NKCC8wjWlrjOoT8+0PYkeJqRjJZavTRioCHZvsqZLq i8nhwJJQouBY/53K4UaQttD1h3HBwgKGF5kbWK3WeK2on7p+5z4R6pEdC7szs0Ci3vId 0UZKGQlNljdPlak9oEKb5qhyczzfKSGQxCJhJ+6j0yJ8YSiYmfk7oHFGrfPtnqH11HAC V5wUxk14LrrDO9oRrFT5g/+xC9Qf0NubuwFLhS5PWnR4x8F5XTu/GQ0VuILn5JcHjBeo mkXBvvlH3fX66jbJEIy//aDdoQM3hJhrouOojSO+zQxMtbTHxXJU5SXpDMc6Q179qZd7 nzuQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date; bh=UJPjYShteroRDju91TUUmVinmsb6RE4KxR8TCP4va8Y=; b=fhfMeSrLtMqVFYvDJy0FGsTXhMXR1tk9HSmmaRt9tp99H+iwKkusCrNy1n6KUojVt9 ppW6pMTSmEjodN+vdGFHKKinaUJOnIsxG9ZwyNKrGV+KpdbDs69FMpte2AMWgdB6sZh5 yQhL1c5G6uF947NHLWAqeMOQlAu7N0LvujgyDYXE5NgDL+wb6oN/BPNn+P98dAld/To3 yvmUcuDv+9zGaA5L39BdE6/HGKuZzMS37AYT2n0GdcmjU3vYIsR6VpZ52tMIBDKaa8IS G/Q7bGe8P53OBOAewQroDcifwkUDNzGUyB56B4HME/zzbMT5+xurvP2ngVyIAIPbV1S2 PWBw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id f13si25629629pga.385.2019.05.21.20.19.24; Tue, 21 May 2019 20:19:39 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728489AbfEVDRJ (ORCPT + 99 others); Tue, 21 May 2019 23:17:09 -0400 Received: from helcar.hmeau.com ([216.24.177.18]:35920 "EHLO deadmen.hmeau.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1728031AbfEVDRJ (ORCPT ); Tue, 21 May 2019 23:17:09 -0400 Received: from gondobar.mordor.me.apana.org.au ([192.168.128.4] helo=gondobar) by deadmen.hmeau.com with esmtps (Exim 4.89 #2 (Debian)) id 1hTHkV-0000uB-Io; Wed, 22 May 2019 11:17:03 +0800 Received: from herbert by gondobar with local (Exim 4.89) (envelope-from ) id 1hTHkS-0004Xl-2M; Wed, 22 May 2019 11:17:00 +0800 Date: Wed, 22 May 2019 11:17:00 +0800 From: Herbert Xu To: Anirudh Gupta Cc: Steffen Klassert , Anirudh Gupta , "David S. Miller" , netdev@vger.kernel.org, linux-kernel@vger.kernel.org Subject: Re: [PATCH net] xfrm: Fix xfrm sel prefix length validation Message-ID: <20190522031700.ynp6ctodqlztybb2@gondor.apana.org.au> References: <20190521152947.75014-1-anirudh.gupta@sophos.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20190521152947.75014-1-anirudh.gupta@sophos.com> User-Agent: NeoMutt/20170113 (1.7.2) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, May 21, 2019 at 08:59:47PM +0530, Anirudh Gupta wrote: > Family of src/dst can be different from family of selector src/dst. > Use xfrm selector family to validate address prefix length, > while verifying new sa from userspace. > > Validated patch with this command: > ip xfrm state add src 1.1.6.1 dst 1.1.6.2 proto esp spi 4260196 \ > reqid 20004 mode tunnel aead "rfc4106(gcm(aes))" \ > 0x1111016400000000000000000000000044440001 128 \ > sel src 1011:1:4::2/128 sel dst 1021:1:4::2/128 dev Port5 > > Fixes: 07bf7908950a ("xfrm: Validate address prefix lengths in the xfrm selector.") > Signed-off-by: Anirudh Gupta Acked-by: Herbert Xu -- Email: Herbert Xu Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt