xfrm: Add dir validation to "out" data path lookup

Introduces validation for the x->dir attribute within the XFRM output data lookup path. If the configured direction does not match the expected direction, output, increment the XfrmOutStateDirError counter and drop the packet to ensure data integrity and correct flow handling. grep -vw 0 /proc/net/xfrm_stat XfrmOutPolError 1 XfrmOutStateDirError 1 Signed-off-by: Antony Antony <antony.antony@secunet.com> Reviewed-by: Sabrina Dubroca <sd@queasysnail.net> Reviewed-by: Nicolas Dichtel <nicolas.dichtel@6wind.com> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
author: Antony Antony <antony.antony@secunet.com> 2024-04-30 10:09:09 +0300
committer: Steffen Klassert <steffen.klassert@secunet.com> 2024-05-01 11:05:52 +0300
commit: 601a0867f86cbb5e137ce485a7eb60cbf9fc5180 (patch)
tree: 2ca97abbe49a1d896fe6bd0a0a0e3e1eba54e762 /include
parent: a4a87fa4e96c7746e009de06a567688fd9af6013 (diff)
download: linux-601a0867f86cbb5e137ce485a7eb60cbf9fc5180.tar.xz
1 files changed, 1 insertions, 0 deletions
diff --git a/include/uapi/linux/snmp.h b/include/uapi/linux/snmp.h
index a0819c6a5988..23792b8412bd 100644
--- a/include/uapi/linux/snmp.h
+++ b/include/uapi/linux/snmp.h
@@ -337,6 +337,7 @@ enum
 	LINUX_MIB_XFRMFWDHDRERROR,		/* XfrmFwdHdrError*/
 	LINUX_MIB_XFRMOUTSTATEINVALID,		/* XfrmOutStateInvalid */
 	LINUX_MIB_XFRMACQUIREERROR,		/* XfrmAcquireError */
+	LINUX_MIB_XFRMOUTSTATEDIRERROR,		/* XfrmOutStateDirError */
 	__LINUX_MIB_XFRMMAX
 };
author	Antony Antony <antony.antony@secunet.com>	2024-04-30 10:09:09 +0300
committer	Steffen Klassert <steffen.klassert@secunet.com>	2024-05-01 11:05:52 +0300
commit	601a0867f86cbb5e137ce485a7eb60cbf9fc5180 (patch)
tree	2ca97abbe49a1d896fe6bd0a0a0e3e1eba54e762 /include
parent	a4a87fa4e96c7746e009de06a567688fd9af6013 (diff)
download	linux-601a0867f86cbb5e137ce485a7eb60cbf9fc5180.tar.xz