2025-01-13, 10:31:28 +0100, Antonio Quartulli wrote:
>  static bool ovpn_encrypt_one(struct ovpn_peer *peer, struct sk_buff *skb)
>  {
> -     ovpn_skb_cb(skb)->peer = peer;
> +     struct ovpn_crypto_key_slot *ks;
> +
> +     if (unlikely(skb->ip_summed == CHECKSUM_PARTIAL &&
> +                  skb_checksum_help(skb))) {
> +             net_warn_ratelimited("%s: cannot compute checksum for outgoing 
> packet for peer %u\n",
> +                                  netdev_name(peer->ovpn->dev), peer->id);
> +             return false;
> +     }
> +
> +     /* get primary key to be used for encrypting data */
> +     ks = ovpn_crypto_key_slot_primary(&peer->crypto);
> +     if (unlikely(!ks))
> +             return false;
>  
>       /* take a reference to the peer because the crypto code may run async.
>        * ovpn_encrypt_post() will release it upon completion
> @@ -118,7 +244,8 @@ static bool ovpn_encrypt_one(struct ovpn_peer *peer, 
> struct sk_buff *skb)

Adding in the few lines that got snipped:

        /* take a reference to the peer because the crypto code may run async.
         * ovpn_encrypt_post() will release it upon completion
         */
        if (unlikely(!ovpn_peer_hold(peer))) {
                DEBUG_NET_WARN_ON_ONCE(1);
                return false;
        }

This should never happen, but just in case, we'd want to call
ovpn_crypto_key_slot_put() here, before returning false.

>               return false;
>       }

-- 
Sabrina
