Date: Sun, 9 Jan 2022 01:45:08 GMT
From: Robert Wing <rew@FreeBSD.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
Subject: git: 91d388119ae2 - main - tcpmd5: return ENOENT when security association not found
Message-ID: <202201090145.2091j8Va028695@gitrepo.freebsd.org>
The branch main has been updated by rew: URL: https://cgit.FreeBSD.org/src/commit/?id=91d388119ae229702538b96d79cf76556cf0ecf4 commit 91d388119ae229702538b96d79cf76556cf0ecf4 Author: Robert Wing <rew@FreeBSD.org> AuthorDate: 2022-01-09 01:07:10 +0000 Commit: Robert Wing <rew@FreeBSD.org> CommitDate: 2022-01-09 01:31:17 +0000 tcpmd5: return ENOENT when security association not found Return ENOENT from tcp_ipsec_input() when a security association is not found. This allows callers of TCP_MD5_INPUT() to differentiate between a security association not found and receiving a bad signature. Also return ENOENT from tcp_ipsec_output() for consistency. Reviewed by: ae Sponsored by: nepustil.net Sponsored by: Klara Inc. Differential Revision: https://reviews.freebsd.org/D33226 --- sys/netipsec/xform_tcp.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/sys/netipsec/xform_tcp.c b/sys/netipsec/xform_tcp.c index 54681f7df5d2..b53544cd00fb 100644 --- a/sys/netipsec/xform_tcp.c +++ b/sys/netipsec/xform_tcp.c @@ -251,7 +251,7 @@ setsockaddrs(const struct mbuf *m, union sockaddr_union *src, * th pointer to TCP header * buf pointer to storage for computed MD5 digest * - * Return 0 if successful, otherwise return -1. + * Return 0 if successful, otherwise return error code. */ static int tcp_ipsec_input(struct mbuf *m, struct tcphdr *th, u_char *buf) @@ -267,7 +267,7 @@ tcp_ipsec_input(struct mbuf *m, struct tcphdr *th, u_char *buf) sav = key_allocsa_tcpmd5(&saidx); if (sav == NULL) { KMOD_TCPSTAT_INC(tcps_sig_err_buildsig); - return (EACCES); + return (ENOENT); } /* * tcp_input() operates with TCP header fields in host @@ -307,7 +307,7 @@ tcp_ipsec_output(struct mbuf *m, struct tcphdr *th, u_char *buf) sav = key_allocsa_tcpmd5(&saidx); if (sav == NULL) { KMOD_TCPSTAT_INC(tcps_sig_err_buildsig); - return (EACCES); + return (ENOENT); } tcp_signature_compute(m, th, sav, buf); key_freesav(&sav);
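Review bot: In the first hunk (@@ -251,7), the comment above tcp_ipsec_input() now says only "otherwise return error code", while the commit message says callers of TCP_MD5_INPUT() are expected to tell a missing security association apart from a bad signature. Name the value in the comment, for example "ENOENT if no security association is found", so the contract callers rely on is documented next to the function.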
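Review bot: In the second hunk (@@ -267,7, tcp_ipsec_input()), the sav == NULL path now returns ENOENT but still increments tcps_sig_err_buildsig, so the counter does not reflect the distinction the return value now makes; consider whether the missing-association case should be counted separately. The diff touches only xform_tcp.c, so it is also worth confirming in review that no existing caller tests for EACCES and that any caller branching on ENOENT still treats the segment as unverified.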
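Review bot: In the third hunk (@@ -307,7, tcp_ipsec_output()), the return value changes to ENOENT but, unlike the input side, no comment update accompanies it in this diff. If the comment above tcp_ipsec_output() carries the same "otherwise return -1" wording, update it in the same commit and state there that ENOENT means no security association was found for the outgoing segment.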