Gitiles
Code Review Sign In
gerrit.nordix.org / codeaurora / clo / qsdk / oss / lklm / nss-clients / d010fc28a95f0c22bb6eb7b1f810d2d82fd93b7f^1..d010fc28a95f0c22bb6eb7b1f810d2d82fd93b7f / .
commitd010fc28a95f0c22bb6eb7b1f810d2d82fd93b7f[log] [tgz]
authorLinux Build Service Account <lnxbuild@localhost>Fri Jul 17 08:11:14 2020 -0700
committerGerrit - the friendly Code Review server <code-review@localhost>Fri Jul 17 08:11:14 2020 -0700
treec6d0ff45d20ade132364650326fd20488a4bd0ec
parent25aced03f9fb398b937eea8caabc273cb0bc398e [diff]
parentec711faec8357c2d745a39666f98ffcbb8274e74 [diff]
Merge "[qca-nss-clients] Fix openvpn V2 data packet processing"
diff --git a/exports/nss_ovpnmgr.h b/exports/nss_ovpnmgr.h
index 7f0c2dc..737949c 100644
--- a/exports/nss_ovpnmgr.h
+++ b/exports/nss_ovpnmgr.h

@@ -1,6 +1,6 @@
 /*
  **************************************************************************
- * Copyright (c) 2019, The Linux Foundation. All rights reserved.
+ * Copyright (c) 2019-2020, The Linux Foundation. All rights reserved.
  * Permission to use, copy, modify, and/or distribute this software for
  * any purpose with or without fee is hereby granted, provided that the
  * above copyright notice and this permission notice appear in all copies.
@@ -45,9 +45,8 @@
  */
 #define NSS_OVPNMGR_TUN_DATA_V1       6		/* Data version 1 packet. */
 #define NSS_OVPNMGR_TUN_DATA_V2       9		/* Data version 2 packet. */
-#define NSS_OVPNMGR_TUN_KEY_ID_MASK   0x07	/* Key ID mask, lower 3 bits. */
-#define NSS_OVPNMGR_TUN_OPCODE_SHIFT  3		/* Opcode shift, upper 5 bits. */
-#define NSS_OVPNMGR_TUN_PEER_ID_SHIFT 24	/* Peer ID shift, lower 24 bits. */
+#define NSS_OVPNMGR_TUN_KEY_ID_SHIFT  24	/* Key ID shift, lower 3 bits - 26-24. */
+#define NSS_OVPNMGR_TUN_OPCODE_SHIFT  27	/* Opcode shift, upper 5 bits - 31-27. */
 #define NSS_OVPNMGR_TUN_PEER_ID_MASK  0xFFFFFF	/* Peer ID mask. */
 
 

diff --git a/openvpn/plugins/nss_ovpn_sk.c b/openvpn/plugins/nss_ovpn_sk.c
index 69936ae..fb94768 100644
--- a/openvpn/plugins/nss_ovpn_sk.c
+++ b/openvpn/plugins/nss_ovpn_sk.c

@@ -338,6 +338,7 @@
 	}
 
 	tun_cfg.flags = tun_data.ovpn.flags;
+	tun_cfg.peer_id = tun_data.ovpn.peer_id;
 
 	/*
 	 * Update TTL and if necessary source IP address.

diff --git a/openvpn/src/nss_ovpnmgr_crypto.c b/openvpn/src/nss_ovpnmgr_crypto.c
index 3795f4b..c953d4d 100644
--- a/openvpn/src/nss_ovpnmgr_crypto.c
+++ b/openvpn/src/nss_ovpnmgr_crypto.c

@@ -73,7 +73,7 @@
 
 	if (tun->tun_cfg.flags & NSS_OVPNMGR_HDR_FLAG_DATA_V2) {
 		session_id = NSS_OVPNMGR_TUN_DATA_V2 << NSS_OVPNMGR_TUN_OPCODE_SHIFT;
-		session_id |= tun_ctx->active.key_id << NSS_OVPNMGR_TUN_PEER_ID_SHIFT;
+		session_id |= tun_ctx->active.key_id << NSS_OVPNMGR_TUN_KEY_ID_SHIFT;
 		session_id |= tun->tun_cfg.peer_id & NSS_OVPNMGR_TUN_PEER_ID_MASK;
 		session_id = htonl(session_id);
 	} else {

diff --git a/openvpn/src/nss_ovpnmgr_tun.c b/openvpn/src/nss_ovpnmgr_tun.c
index 1216279..799f9a5 100644
--- a/openvpn/src/nss_ovpnmgr_tun.c
+++ b/openvpn/src/nss_ovpnmgr_tun.c

@@ -592,8 +592,8 @@
 	if (tun->tun_cfg.flags & NSS_OVPNMGR_HDR_FLAG_DATA_V2) {
 		uint32_t *session_id = (uint32_t *)qvpn_cfg->hdr_cfg.vpn_hdr_head;
 
-		*session_id = htonl(((NSS_OVPNMGR_TUN_DATA_V2 << NSS_OVPNMGR_TUN_OPCODE_SHIFT) |
-					tun->inner.active.key_id) << NSS_OVPNMGR_TUN_PEER_ID_SHIFT |
+		*session_id = htonl((NSS_OVPNMGR_TUN_DATA_V2 << NSS_OVPNMGR_TUN_OPCODE_SHIFT) |
+					(tun->inner.active.key_id << NSS_OVPNMGR_TUN_KEY_ID_SHIFT) |
 					(tun->tun_cfg.peer_id & 0xFFFFFF));
 		/*
 		 * [op+kid|peer-id|HMAC Len|IV|SNO|Inner Packet]
@@ -602,9 +602,10 @@
 		qvpn_cfg->crypto_cfg.hmac_offset = 4;
 		qvpn_cfg->hdr_cfg.vpn_hdr_head_size = 4;
 	} else {
-		uint8_t *session_id = (uint8_t *)qvpn_cfg->hdr_cfg.vpn_hdr_head;
+		uint32_t *session_id = (uint32_t *)qvpn_cfg->hdr_cfg.vpn_hdr_head;
 
-		*session_id = (NSS_OVPNMGR_TUN_DATA_V1 << NSS_OVPNMGR_TUN_OPCODE_SHIFT) | tun->inner.active.key_id;
+		*session_id = htonl((NSS_OVPNMGR_TUN_DATA_V1 << NSS_OVPNMGR_TUN_OPCODE_SHIFT) |
+					(tun->inner.active.key_id << NSS_OVPNMGR_TUN_KEY_ID_SHIFT));
 		/*
 		 * [op+kid|HMAC Len|IV|SNO|Inner Packet]
 		 * [1|20-32|16-24-32]
@@ -705,8 +706,8 @@
 
 		nss_ovpnmgr_info("Peer transmits V2 data packets\n");
 
-		*session_id = htonl(((NSS_OVPNMGR_TUN_DATA_V2 << NSS_OVPNMGR_TUN_OPCODE_SHIFT) |
-					tun->outer.active.key_id) << NSS_OVPNMGR_TUN_PEER_ID_SHIFT |
+		*session_id = htonl((NSS_OVPNMGR_TUN_DATA_V2 << NSS_OVPNMGR_TUN_OPCODE_SHIFT) |
+					(tun->inner.active.key_id << NSS_OVPNMGR_TUN_KEY_ID_SHIFT) |
 					(tun->tun_cfg.peer_id & 0xFFFFFF));
 		/*
 		 * [op+kid|peer-id|HMAC Len|IV|SNO|Inner Packet]
@@ -715,9 +716,10 @@
 		qvpn_cfg->crypto_cfg.hmac_offset = 4;
 		qvpn_cfg->hdr_cfg.vpn_hdr_head_size = 4;
 	} else {
-		uint8_t *session_id = (uint8_t *)qvpn_cfg->hdr_cfg.vpn_hdr_head;
+		uint32_t *session_id = (uint32_t *)qvpn_cfg->hdr_cfg.vpn_hdr_head;
 
-		*session_id = (NSS_OVPNMGR_TUN_DATA_V1 << NSS_OVPNMGR_TUN_OPCODE_SHIFT) | tun->outer.active.key_id;
+		*session_id = htonl((NSS_OVPNMGR_TUN_DATA_V1 << NSS_OVPNMGR_TUN_OPCODE_SHIFT) |
+					(tun->inner.active.key_id << NSS_OVPNMGR_TUN_KEY_ID_SHIFT));
 		/*
 		 * [op+kid|HMAC Len|IV|SNO|Inner Packet]
 		 * [1|20-32|16-24-32]