esp6: Fix integrity verification when ESN are used

tobiasbrunner · gregkh · commit 52783ada69b4 · 2016-12-10T19:07:26.000+01:00
commit a55e23864d381c5a4ef110df94b00b2fe121a70d upstream. When handling inbound packets, the two halves of the sequence number stored on the skb are already in network order. Fixes: 000ae7b ("esp6: Switch to new AEAD interface") Signed-off-by: Tobias Brunner <tobias@strongswan.org> Acked-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
diff --git a/net/ipv6/esp6.c b/net/ipv6/esp6.c
@@ -418,7 +418,7 @@ static int esp6_input(struct xfrm_state *x, struct sk_buff *skb)
 		esph = (void *)skb_push(skb, 4);
 		*seqhi = esph->spi;
 		esph->spi = esph->seq_no;
-		esph->seq_no = htonl(XFRM_SKB_CB(skb)->seq.input.hi);
+		esph->seq_no = XFRM_SKB_CB(skb)->seq.input.hi;
 		aead_request_set_callback(req, 0, esp_input_done_esn, skb);
 	}
 

Original file line number	Diff line number	Diff line change
`@@ -418,7 +418,7 @@ static int esp6_input(struct xfrm_state x, struct sk_buff skb)`
`418`	`418`	`esph = (void *)skb_push(skb, 4);`
`419`	`419`	`*seqhi = esph->spi;`
`420`	`420`	`esph->spi = esph->seq_no;`
`421`		`- esph->seq_no = htonl(XFRM_SKB_CB(skb)->seq.input.hi);`
	`421`	`+ esph->seq_no = XFRM_SKB_CB(skb)->seq.input.hi;`
`422`	`422`	`aead_request_set_callback(req, 0, esp_input_done_esn, skb);`
`423`	`423`	`}`
`424`	`424`