Received: by 2002:a25:ab43:0:0:0:0:0 with SMTP id u61csp4697350ybi; Tue, 28 May 2019 00:45:35 -0700 (PDT) X-Google-Smtp-Source: APXvYqwn8lJVgR4nz9BVsVHxk8rYm2MZcaH2XvD2VcjglD5bp31m4mkqmPpvUdFYX6lVVL6XVpzY X-Received: by 2002:a17:90a:8982:: with SMTP id v2mr3659600pjn.138.1559029534987; Tue, 28 May 2019 00:45:34 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1559029534; cv=none; d=google.com; s=arc-20160816; b=Nq8gRxUguqz7LYrrJeZ7xoVO1oz01CR3sSbKwhQqOX3QNb3P3DvNIW4IlW5JW3RraS DN74BHODRDSt28uEySaiitpnuOOpWVhJEBX0p2by6v8tsnuZbHlcZJbYQf5qxkiAy9Mv hNUQo3XYwC2aMsrDJ25rC/phyT42GYR7cSefWgZjqCPDw1upXq9XSdt5tXaVV7DttS0a ILg7e5vB1SlWtm/bWtcRoS28XOS7tZAZDrBtrVvM1opCwlDX6vRS0rs423l9hVrFqfZI WNu3TyJ5BPCA+pj/ZN0+g9MBYQEduBQXROaQqGhkcN+rL+JPCPMFaVxs9uvGOXQ9eR3C ylDA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date; bh=xhAnm4H/6OpdNRbcinOiodyVUWa2Woq3FdSvMA35Ov0=; b=0FerNJzzfh3xPZutkNsGHAFu8WsBT3jqlsyyN4hBbSHpJbgfxFWOPkvFq6rQuOthDp o0liVDP4CrUOX43g++ETxdbLNKbzI8Iiz6zLejkuy9K2wxA03Xe8z4D1M1yAH6W2N4Es HQTQay3ggHOFQf0xB621RZ+KAQ88ShDaeMsQpTKERNbvBggnW2EH8TJxuVAcq/bb6PqR yR8T1IWgKqu6rsa+dPlZK85R7AM+OTIm7t8MuuKXvtJbyIaVxD5Z5NLWcAMkwZStMcsF U3NsaZgAgW8SdIr6uAHEPCzgMRlfYqf+TEN9ytph3Kipp+9jz/4DglCE1fYKcxcQSJoF VDPA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id a33si21322139plc.283.2019.05.28.00.45.19; Tue, 28 May 2019 00:45:34 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727532AbfE1HoQ (ORCPT + 99 others); Tue, 28 May 2019 03:44:16 -0400 Received: from a.mx.secunet.com ([62.96.220.36]:40800 "EHLO a.mx.secunet.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726789AbfE1HoQ (ORCPT ); Tue, 28 May 2019 03:44:16 -0400 Received: from localhost (localhost [127.0.0.1]) by a.mx.secunet.com (Postfix) with ESMTP id E9277201DB; Tue, 28 May 2019 09:44:14 +0200 (CEST) X-Virus-Scanned: by secunet Received: from a.mx.secunet.com ([127.0.0.1]) by localhost (a.mx.secunet.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dTKhhgUGSkYu; Tue, 28 May 2019 09:44:10 +0200 (CEST) Received: from mail-essen-01.secunet.de (mail-essen-01.secunet.de [10.53.40.204]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by a.mx.secunet.com (Postfix) with ESMTPS id BD51F200BA; Tue, 28 May 2019 09:44:10 +0200 (CEST) Received: from gauss2.secunet.de (10.182.7.193) by mail-essen-01.secunet.de (10.53.40.204) with Microsoft SMTP Server id 14.3.439.0; Tue, 28 May 2019 09:44:11 +0200 Received: by gauss2.secunet.de (Postfix, from userid 1000) id 4722B31804FB; Tue, 28 May 2019 09:44:10 +0200 (CEST) Date: Tue, 28 May 2019 09:44:10 +0200 From: Steffen Klassert To: Herbert Xu CC: Anirudh Gupta , Anirudh Gupta , "David S. Miller" , , Subject: Re: [PATCH net] xfrm: Fix xfrm sel prefix length validation Message-ID: <20190528074410.GD14601@gauss3.secunet.de> References: <20190521152947.75014-1-anirudh.gupta@sophos.com> <20190522031700.ynp6ctodqlztybb2@gondor.apana.org.au> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Disposition: inline In-Reply-To: <20190522031700.ynp6ctodqlztybb2@gondor.apana.org.au> User-Agent: Mutt/1.9.4 (2018-02-28) X-EXCLAIMER-MD-CONFIG: 2c86f778-e09b-4440-8b15-867914633a10 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, May 22, 2019 at 11:17:00AM +0800, Herbert Xu wrote: > On Tue, May 21, 2019 at 08:59:47PM +0530, Anirudh Gupta wrote: > > Family of src/dst can be different from family of selector src/dst. > > Use xfrm selector family to validate address prefix length, > > while verifying new sa from userspace. > > > > Validated patch with this command: > > ip xfrm state add src 1.1.6.1 dst 1.1.6.2 proto esp spi 4260196 \ > > reqid 20004 mode tunnel aead "rfc4106(gcm(aes))" \ > > 0x1111016400000000000000000000000044440001 128 \ > > sel src 1011:1:4::2/128 sel dst 1021:1:4::2/128 dev Port5 > > > > Fixes: 07bf7908950a ("xfrm: Validate address prefix lengths in the xfrm selector.") > > Signed-off-by: Anirudh Gupta > > Acked-by: Herbert Xu Patch applied, thanks everyone!