From patchwork Fri Mar 8 16:36:24 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Boyer, Andrew" X-Patchwork-Id: 1053599 X-Patchwork-Delegate: davem@davemloft.net Return-Path: X-Original-To: patchwork-incoming-netdev@ozlabs.org Delivered-To: patchwork-incoming-netdev@ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netdev-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=dell.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=dell.com header.i=@dell.com header.b="KIJR9G4K"; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 44GCpV6R1xz9sBF for ; Sat, 9 Mar 2019 03:37:38 +1100 (AEDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726588AbfCHQhg (ORCPT ); Fri, 8 Mar 2019 11:37:36 -0500 Received: from esa1.dell-outbound.iphmx.com ([68.232.153.90]:34728 "EHLO esa1.dell-outbound.iphmx.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726375AbfCHQhf (ORCPT ); Fri, 8 Mar 2019 11:37:35 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=dell.com; i=@dell.com; q=dns/txt; s=smtpout; t=1552062987; x=1583598987; h=cc:from:to:subject:date:message-id; bh=UG9W8tz98oZ2sXKMQTIH2E19KskSWJygztOVX6dg0Ws=; b=KIJR9G4K97wdIwPS24UjPysTaPCetgHc8K6WnLcNTcMN4ZkzA0A7zPYN MrU9/YKKOOQxPthB+OT7WtH3SY6g7C0k9nUHSv8gN4TMmP5TKA3Bjb7RH v6qwuxktts0cdnndH7VDVN8yY0vhIftud4VN/MCaXW1Q9WDVp2EZyhO4U 8=; X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: A2EiAAAkmYJchyWd50NkHgEGBwaBUggLAYNoEieNAqUCgXsLAQGEbIRaNQgNAQEDAQEHAQMCAQECEAEBARUJCCkvgjopAYJqFmcwgSEigwCBdp46PQJvgQGJBwEBAYIehUSEaYEvhmWGHj+BEYJkhXyFFAKRdpIoBwKCQASQOQwZkzcBnTgCBAIEBQIUgUkBNIFYMxojgzyCFg4JjjwiATGQGAEB X-IPAS-Result: A2EiAAAkmYJchyWd50NkHgEGBwaBUggLAYNoEieNAqUCgXsLAQGEbIRaNQgNAQEDAQEHAQMCAQECEAEBARUJCCkvgjopAYJqFmcwgSEigwCBdp46PQJvgQGJBwEBAYIehUSEaYEvhmWGHj+BEYJkhXyFFAKRdpIoBwKCQASQOQwZkzcBnTgCBAIEBQIUgUkBNIFYMxojgzyCFg4JjjwiATGQGAEB Received: from mx0b-00154901.pphosted.com (HELO mx0a-00154901.pphosted.com) ([67.231.157.37]) by esa1.dell-outbound.iphmx.com with ESMTP/TLS/AES256-SHA256; 08 Mar 2019 10:36:26 -0600 Received: from pps.filterd (m0089484.ppops.net [127.0.0.1]) by mx0b-00154901.pphosted.com (8.16.0.27/8.16.0.27) with SMTP id x28GX8oa141062 for ; Fri, 8 Mar 2019 11:37:33 -0500 Received: from esa1.dell-outbound2.iphmx.com (esa1.dell-outbound2.iphmx.com [68.232.153.201]) by mx0b-00154901.pphosted.com with ESMTP id 2r3ndpa9f0-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL) for ; Fri, 08 Mar 2019 11:37:33 -0500 Cc: Farrell Woods Received: from mailuogwhop.emc.com ([168.159.213.141]) by esa1.dell-outbound2.iphmx.com with ESMTP/TLS/DHE-RSA-AES256-SHA256; 08 Mar 2019 22:37:32 +0600 Received: from emc.com (localhost [127.0.0.1]) by mailuogwprd03.lss.emc.com (Sentrion-MTA-4.3.1/Sentrion-MTA-4.3.0) with ESMTP id x28GbTKW003543 for ; Fri, 8 Mar 2019 11:37:30 -0500 Received: from maildlpprd01.lss.emc.com ([[10.253.24.33]]) by mailuogwprd03.lss.emc.com with ESMTP id x28GatJO003222 ; Fri, 8 Mar 2019 11:36:59 -0500 X-DKIM: OpenDKIM Filter v2.4.3 mailuogwprd03.lss.emc.com x28GatJO003222 Received: from mailsyshubprd51.lss.emc.com (mailsyshubprd51.lss.emc.com [10.106.48.26]) by maildlpprd01.lss.emc.com (RSA Interceptor); Fri, 8 Mar 2019 11:36:42 -0500 Received: from hopcyc-boyera-1-00.cec.lab.emc.com ([10.244.196.91]) by mailsyshubprd51.lss.emc.com (Sentrion-MTA-4.3.1/Sentrion-MTA-4.3.0) with ESMTP id x28GagUt017357; Fri, 8 Mar 2019 11:36:42 -0500 From: Andrew Boyer To: netdev@vger.kernel.org Subject: [PATCH] net/ipv6: Skip policy check to improve compliance Date: Fri, 8 Mar 2019 11:36:24 -0500 Message-Id: <20190308163624.21175-1-andrew.boyer@dell.com> X-Mailer: git-send-email 2.16.2 X-RSA-Classifications: public X-Sentrion-Hostname: mailuogwprd03.lss.emc.com X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:, , definitions=2019-03-08_14:, , signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 priorityscore=1501 malwarescore=0 suspectscore=1 phishscore=0 bulkscore=0 spamscore=0 clxscore=1011 lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1810050000 definitions=main-1903080115 Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org From: Farrell Woods The patch fixes an IPv6 conformance test failure (v6LC_1_2_03a in the UNH INTACT suite) that occurs specifically when IPsec is in use. The test iterates through the set of unassigned protocol numbers (currently, 143 through 252) and inserts these into the next header field of a Destination Options header. The expected test result is that an ICMPv6 Parameter Problem is sent back. But if there's a policy in place that requires an active SA between the Test Node and the Device Under Test (and none exists), the inbound packet is quietly dropped. Signed-off-by: Farrell Woods --- net/ipv6/ip6_input.c | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/net/ipv6/ip6_input.c b/net/ipv6/ip6_input.c index c7ed2b6..26259b3 100644 --- a/net/ipv6/ip6_input.c +++ b/net/ipv6/ip6_input.c @@ -409,12 +409,10 @@ void ip6_protocol_deliver_rcu(struct net *net, struct sk_buff *skb, int nexthdr, } } else { if (!raw) { - if (xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) { - __IP6_INC_STATS(net, idev, - IPSTATS_MIB_INUNKNOWNPROTOS); - icmpv6_send(skb, ICMPV6_PARAMPROB, - ICMPV6_UNK_NEXTHDR, nhoff); - } + __IP6_INC_STATS(net, idev, + IPSTATS_MIB_INUNKNOWNPROTOS); + icmpv6_send(skb, ICMPV6_PARAMPROB, + ICMPV6_UNK_NEXTHDR, nhoff); kfree_skb(skb); } else { __IP6_INC_STATS(net, idev, IPSTATS_MIB_INDELIVERS);