Skip to content

Commit aeb48a4

Browse files
antonyantonyklassert
antonyantony
authored and
klassert
committed
udpencap: Remove Obsolete UDP_ENCAP_ESPINUDP_NON_IKE Support
The UDP_ENCAP_ESPINUDP_NON_IKE mode, introduced into the Linux kernel in 2004 [2], has remained inactive and obsolete for an extended period. This mode was originally defined in an early version of an IETF draft [1] from 2001. By the time it was integrated into the kernel in 2004 [2], it had already been replaced by UDP_ENCAP_ESPINUDP [3] in later versions of draft-ietf-ipsec-udp-encaps, particularly in version 06. Over time, UDP_ENCAP_ESPINUDP_NON_IKE has lost its relevance, with no known use cases. With this commit, we remove support for UDP_ENCAP_ESPINUDP_NON_IKE, simplifying the codebase and eliminating unnecessary complexity. Kernel will return an error -ENOPROTOOPT if the userspace tries to set this option. References: [1] https://datatracker.ietf.org/doc/html/draft-ietf-ipsec-udp-encaps-00.txt [2] Commit that added UDP_ENCAP_ESPINUDP_NON_IKE to the Linux historic repository. Author: Andreas Gruenbacher <agruen@suse.de> Date: Fri Apr 9 01:47:47 2004 -0700 [IPSEC]: Support draft-ietf-ipsec-udp-encaps-00/01, some ipec impls need it. [3] Commit that added UDP_ENCAP_ESPINUDP to the Linux historic repository. Author: Derek Atkins <derek@ihtfp.com> Date: Wed Apr 2 13:21:02 2003 -0800 [IPSEC]: Implement UDP Encapsulation framework. Signed-off-by: Antony Antony <antony.antony@secunet.com> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
1 parent 267e317 commit aeb48a4

File tree

6 files changed

+1
-53
lines changed

6 files changed

+1
-53
lines changed

include/uapi/linux/udp.h

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -36,7 +36,7 @@ struct udphdr {
3636
#define UDP_GRO 104 /* This socket can receive UDP GRO packets */
3737

3838
/* UDP encapsulation types */
39-
#define UDP_ENCAP_ESPINUDP_NON_IKE 1 /* draft-ietf-ipsec-nat-t-ike-00/01 */
39+
#define UDP_ENCAP_ESPINUDP_NON_IKE 1 /* unused draft-ietf-ipsec-nat-t-ike-00/01 */
4040
#define UDP_ENCAP_ESPINUDP 2 /* draft-ietf-ipsec-udp-encaps-06 */
4141
#define UDP_ENCAP_L2TPINUDP 3 /* rfc2661 */
4242
#define UDP_ENCAP_GTP0 4 /* GSM TS 09.60 */

net/ipv4/esp4.c

Lines changed: 0 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -347,7 +347,6 @@ static struct ip_esp_hdr *esp_output_udp_encap(struct sk_buff *skb,
347347
__be16 dport)
348348
{
349349
struct udphdr *uh;
350-
__be32 *udpdata32;
351350
unsigned int len;
352351

353352
len = skb->len + esp->tailen - skb_transport_offset(skb);
@@ -362,12 +361,6 @@ static struct ip_esp_hdr *esp_output_udp_encap(struct sk_buff *skb,
362361

363362
*skb_mac_header(skb) = IPPROTO_UDP;
364363

365-
if (encap_type == UDP_ENCAP_ESPINUDP_NON_IKE) {
366-
udpdata32 = (__be32 *)(uh + 1);
367-
udpdata32[0] = udpdata32[1] = 0;
368-
return (struct ip_esp_hdr *)(udpdata32 + 2);
369-
}
370-
371364
return (struct ip_esp_hdr *)(uh + 1);
372365
}
373366

@@ -423,7 +416,6 @@ static int esp_output_encap(struct xfrm_state *x, struct sk_buff *skb,
423416
switch (encap_type) {
424417
default:
425418
case UDP_ENCAP_ESPINUDP:
426-
case UDP_ENCAP_ESPINUDP_NON_IKE:
427419
esph = esp_output_udp_encap(skb, encap_type, esp, sport, dport);
428420
break;
429421
case TCP_ENCAP_ESPINTCP:
@@ -775,7 +767,6 @@ int esp_input_done2(struct sk_buff *skb, int err)
775767
source = th->source;
776768
break;
777769
case UDP_ENCAP_ESPINUDP:
778-
case UDP_ENCAP_ESPINUDP_NON_IKE:
779770
source = uh->source;
780771
break;
781772
default:
@@ -1179,9 +1170,6 @@ static int esp_init_state(struct xfrm_state *x, struct netlink_ext_ack *extack)
11791170
case UDP_ENCAP_ESPINUDP:
11801171
x->props.header_len += sizeof(struct udphdr);
11811172
break;
1182-
case UDP_ENCAP_ESPINUDP_NON_IKE:
1183-
x->props.header_len += sizeof(struct udphdr) + 2 * sizeof(u32);
1184-
break;
11851173
#ifdef CONFIG_INET_ESPINTCP
11861174
case TCP_ENCAP_ESPINTCP:
11871175
/* only the length field, TCP encap is done by

net/ipv4/udp.c

Lines changed: 0 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -2699,8 +2699,6 @@ int udp_lib_setsockopt(struct sock *sk, int level, int optname,
26992699
#ifdef CONFIG_XFRM
27002700
case UDP_ENCAP_ESPINUDP:
27012701
set_xfrm_gro_udp_encap_rcv(val, sk->sk_family, sk);
2702-
fallthrough;
2703-
case UDP_ENCAP_ESPINUDP_NON_IKE:
27042702
#if IS_ENABLED(CONFIG_IPV6)
27052703
if (sk->sk_family == AF_INET6)
27062704
WRITE_ONCE(up->encap_rcv,

net/ipv4/xfrm4_input.c

Lines changed: 0 additions & 13 deletions
Original file line numberDiff line numberDiff line change
@@ -113,19 +113,6 @@ static int __xfrm4_udp_encap_rcv(struct sock *sk, struct sk_buff *skb, bool pull
113113
/* Must be an IKE packet.. pass it through */
114114
return 1;
115115
break;
116-
case UDP_ENCAP_ESPINUDP_NON_IKE:
117-
/* Check if this is a keepalive packet. If so, eat it. */
118-
if (len == 1 && udpdata[0] == 0xff) {
119-
return -EINVAL;
120-
} else if (len > 2 * sizeof(u32) + sizeof(struct ip_esp_hdr) &&
121-
udpdata32[0] == 0 && udpdata32[1] == 0) {
122-
123-
/* ESP Packet with Non-IKE marker */
124-
len = sizeof(struct udphdr) + 2 * sizeof(u32);
125-
} else
126-
/* Must be an IKE packet.. pass it through */
127-
return 1;
128-
break;
129116
}
130117

131118
/* At this point we are sure that this is an ESPinUDP packet,

net/ipv6/esp6.c

Lines changed: 0 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -383,7 +383,6 @@ static struct ip_esp_hdr *esp6_output_udp_encap(struct sk_buff *skb,
383383
__be16 dport)
384384
{
385385
struct udphdr *uh;
386-
__be32 *udpdata32;
387386
unsigned int len;
388387

389388
len = skb->len + esp->tailen - skb_transport_offset(skb);
@@ -398,12 +397,6 @@ static struct ip_esp_hdr *esp6_output_udp_encap(struct sk_buff *skb,
398397

399398
*skb_mac_header(skb) = IPPROTO_UDP;
400399

401-
if (encap_type == UDP_ENCAP_ESPINUDP_NON_IKE) {
402-
udpdata32 = (__be32 *)(uh + 1);
403-
udpdata32[0] = udpdata32[1] = 0;
404-
return (struct ip_esp_hdr *)(udpdata32 + 2);
405-
}
406-
407400
return (struct ip_esp_hdr *)(uh + 1);
408401
}
409402

@@ -459,7 +452,6 @@ static int esp6_output_encap(struct xfrm_state *x, struct sk_buff *skb,
459452
switch (encap_type) {
460453
default:
461454
case UDP_ENCAP_ESPINUDP:
462-
case UDP_ENCAP_ESPINUDP_NON_IKE:
463455
esph = esp6_output_udp_encap(skb, encap_type, esp, sport, dport);
464456
break;
465457
case TCP_ENCAP_ESPINTCP:
@@ -822,7 +814,6 @@ int esp6_input_done2(struct sk_buff *skb, int err)
822814
source = th->source;
823815
break;
824816
case UDP_ENCAP_ESPINUDP:
825-
case UDP_ENCAP_ESPINUDP_NON_IKE:
826817
source = uh->source;
827818
break;
828819
default:
@@ -1232,9 +1223,6 @@ static int esp6_init_state(struct xfrm_state *x, struct netlink_ext_ack *extack)
12321223
case UDP_ENCAP_ESPINUDP:
12331224
x->props.header_len += sizeof(struct udphdr);
12341225
break;
1235-
case UDP_ENCAP_ESPINUDP_NON_IKE:
1236-
x->props.header_len += sizeof(struct udphdr) + 2 * sizeof(u32);
1237-
break;
12381226
#ifdef CONFIG_INET6_ESPINTCP
12391227
case TCP_ENCAP_ESPINTCP:
12401228
/* only the length field, TCP encap is done by

net/ipv6/xfrm6_input.c

Lines changed: 0 additions & 13 deletions
Original file line numberDiff line numberDiff line change
@@ -109,19 +109,6 @@ static int __xfrm6_udp_encap_rcv(struct sock *sk, struct sk_buff *skb, bool pull
109109
/* Must be an IKE packet.. pass it through */
110110
return 1;
111111
break;
112-
case UDP_ENCAP_ESPINUDP_NON_IKE:
113-
/* Check if this is a keepalive packet. If so, eat it. */
114-
if (len == 1 && udpdata[0] == 0xff) {
115-
return -EINVAL;
116-
} else if (len > 2 * sizeof(u32) + sizeof(struct ip_esp_hdr) &&
117-
udpdata32[0] == 0 && udpdata32[1] == 0) {
118-
119-
/* ESP Packet with Non-IKE marker */
120-
len = sizeof(struct udphdr) + 2 * sizeof(u32);
121-
} else
122-
/* Must be an IKE packet.. pass it through */
123-
return 1;
124-
break;
125112
}
126113

127114
/* At this point we are sure that this is an ESPinUDP packet,

0 commit comments

Comments
 (0)