17 Jan
2025
17 Jan
'25
12:16 p.m.
2025-01-13, 10:31:28 +0100, Antonio Quartulli wrote:
static bool ovpn_encrypt_one(struct ovpn_peer *peer, struct sk_buff *skb) {
- ovpn_skb_cb(skb)->peer = peer;
- struct ovpn_crypto_key_slot *ks;
- if (unlikely(skb->ip_summed == CHECKSUM_PARTIAL &&
skb_checksum_help(skb))) {net_warn_ratelimited("%s: cannot compute checksum for outgoing packet for peer %u\n",netdev_name(peer->ovpn->dev), peer->id);return false;- }
- /* get primary key to be used for encrypting data */
- ks = ovpn_crypto_key_slot_primary(&peer->crypto);
- if (unlikely(!ks))
return false;/* take a reference to the peer because the crypto code may run async. * ovpn_encrypt_post() will release it upon completion @@ -118,7 +244,8 @@ static bool ovpn_encrypt_one(struct ovpn_peer *peer, struct sk_buff *skb)
Adding in the few lines that got snipped:
/* take a reference to the peer because the crypto code may run async. * ovpn_encrypt_post() will release it upon completion */ if (unlikely(!ovpn_peer_hold(peer))) { DEBUG_NET_WARN_ON_ONCE(1); return false; }
This should never happen, but just in case, we'd want ovpn_crypto_key_slot_put() here.
return false;}
--
Sabrina