Commit aeb48a42 authored by Antony Antony's avatar Antony Antony Committed by Steffen Klassert
Browse files

udpencap: Remove Obsolete UDP_ENCAP_ESPINUDP_NON_IKE Support 

The UDP_ENCAP_ESPINUDP_NON_IKE mode, introduced into the Linux kernel
in 2004 [2], has remained inactive and obsolete for an extended period.

This mode was originally defined in an early version of an IETF draft
[1] from 2001. By the time it was integrated into the kernel in 2004 [2],
it had already been replaced by UDP_ENCAP_ESPINUDP [3] in later
versions of draft-ietf-ipsec-udp-encaps, particularly in version 06.

Over time, UDP_ENCAP_ESPINUDP_NON_IKE has lost its relevance, with no
known use cases.

With this commit, we remove support for UDP_ENCAP_ESPINUDP_NON_IKE,
simplifying the codebase and eliminating unnecessary complexity.
Kernel will return an error -ENOPROTOOPT if the userspace tries to set
this option.

References:
[1] https://datatracker.ietf.org/doc/html/draft-ietf-ipsec-udp-encaps-00.txt



[2] Commit that added UDP_ENCAP_ESPINUDP_NON_IKE to the Linux historic
    repository.

    Author: Andreas Gruenbacher <agruen@suse.de>
    Date: Fri Apr 9 01:47:47 2004 -0700

   [IPSEC]: Support draft-ietf-ipsec-udp-encaps-00/01, some ipec impls need it.

[3] Commit that added UDP_ENCAP_ESPINUDP to the Linux historic
    repository.

    Author: Derek Atkins <derek@ihtfp.com>
    Date: Wed Apr 2 13:21:02 2003 -0800

    [IPSEC]: Implement UDP Encapsulation framework.

Signed-off-by: default avatarAntony Antony <antony.antony@secunet.com>
Signed-off-by: default avatarSteffen Klassert <steffen.klassert@secunet.com>
parent 267e3175

include/uapi/linux/udp.h

+1 −1
Original line number Diff line number Diff line
@@ -36,7 +36,7 @@ struct udphdr { 
#define UDP_GRO		104	/* This socket can receive UDP GRO packets */



/* UDP encapsulation types */

#define UDP_ENCAP_ESPINUDP_NON_IKE	1 /* draft-ietf-ipsec-nat-t-ike-00/01 */

#define UDP_ENCAP_ESPINUDP_NON_IKE	1 /* unused  draft-ietf-ipsec-nat-t-ike-00/01 */

#define UDP_ENCAP_ESPINUDP	2 /* draft-ietf-ipsec-udp-encaps-06 */

#define UDP_ENCAP_L2TPINUDP	3 /* rfc2661 */

#define UDP_ENCAP_GTP0		4 /* GSM TS 09.60 */

net/ipv4/esp4.c

+0 −12
Original line number Diff line number Diff line
@@ -347,7 +347,6 @@ static struct ip_esp_hdr *esp_output_udp_encap(struct sk_buff *skb, 
					       __be16 dport)

{

	struct udphdr *uh;

	__be32 *udpdata32;

	unsigned int len;



	len = skb->len + esp->tailen - skb_transport_offset(skb);
@@ -362,12 +361,6 @@ static struct ip_esp_hdr *esp_output_udp_encap(struct sk_buff *skb, 


	*skb_mac_header(skb) = IPPROTO_UDP;



	if (encap_type == UDP_ENCAP_ESPINUDP_NON_IKE) {

		udpdata32 = (__be32 *)(uh + 1);

		udpdata32[0] = udpdata32[1] = 0;

		return (struct ip_esp_hdr *)(udpdata32 + 2);

	}



	return (struct ip_esp_hdr *)(uh + 1);

}
@@ -423,7 +416,6 @@ static int esp_output_encap(struct xfrm_state *x, struct sk_buff *skb, 
	switch (encap_type) {

	default:

	case UDP_ENCAP_ESPINUDP:

	case UDP_ENCAP_ESPINUDP_NON_IKE:

		esph = esp_output_udp_encap(skb, encap_type, esp, sport, dport);

		break;

	case TCP_ENCAP_ESPINTCP:
@@ -775,7 +767,6 @@ int esp_input_done2(struct sk_buff *skb, int err) 
			source = th->source;

			break;

		case UDP_ENCAP_ESPINUDP:

		case UDP_ENCAP_ESPINUDP_NON_IKE:

			source = uh->source;

			break;

		default:
@@ -1179,9 +1170,6 @@ static int esp_init_state(struct xfrm_state *x, struct netlink_ext_ack *extack) 
		case UDP_ENCAP_ESPINUDP:

			x->props.header_len += sizeof(struct udphdr);

			break;

		case UDP_ENCAP_ESPINUDP_NON_IKE:

			x->props.header_len += sizeof(struct udphdr) + 2 * sizeof(u32);

			break;

#ifdef CONFIG_INET_ESPINTCP

		case TCP_ENCAP_ESPINTCP:

			/* only the length field, TCP encap is done by

net/ipv4/udp.c

+0 −2
Original line number Diff line number Diff line
@@ -2699,8 +2699,6 @@ int udp_lib_setsockopt(struct sock *sk, int level, int optname, 
#ifdef CONFIG_XFRM

		case UDP_ENCAP_ESPINUDP:

			set_xfrm_gro_udp_encap_rcv(val, sk->sk_family, sk);

			fallthrough;

		case UDP_ENCAP_ESPINUDP_NON_IKE:

#if IS_ENABLED(CONFIG_IPV6)

			if (sk->sk_family == AF_INET6)

				WRITE_ONCE(up->encap_rcv,

net/ipv4/xfrm4_input.c

+0 −13
Original line number Diff line number Diff line
@@ -113,19 +113,6 @@ static int __xfrm4_udp_encap_rcv(struct sock *sk, struct sk_buff *skb, bool pull 
			/* Must be an IKE packet.. pass it through */

			return 1;

		break;

	case UDP_ENCAP_ESPINUDP_NON_IKE:

		/* Check if this is a keepalive packet.  If so, eat it. */

		if (len == 1 && udpdata[0] == 0xff) {

			return -EINVAL;

		} else if (len > 2 * sizeof(u32) + sizeof(struct ip_esp_hdr) &&

			   udpdata32[0] == 0 && udpdata32[1] == 0) {



			/* ESP Packet with Non-IKE marker */

			len = sizeof(struct udphdr) + 2 * sizeof(u32);

		} else

			/* Must be an IKE packet.. pass it through */

			return 1;

		break;

	}



	/* At this point we are sure that this is an ESPinUDP packet,

net/ipv6/esp6.c

+0 −12
Original line number Diff line number Diff line
@@ -383,7 +383,6 @@ static struct ip_esp_hdr *esp6_output_udp_encap(struct sk_buff *skb, 
					       __be16 dport)

{

	struct udphdr *uh;

	__be32 *udpdata32;

	unsigned int len;



	len = skb->len + esp->tailen - skb_transport_offset(skb);
@@ -398,12 +397,6 @@ static struct ip_esp_hdr *esp6_output_udp_encap(struct sk_buff *skb, 


	*skb_mac_header(skb) = IPPROTO_UDP;



	if (encap_type == UDP_ENCAP_ESPINUDP_NON_IKE) {

		udpdata32 = (__be32 *)(uh + 1);

		udpdata32[0] = udpdata32[1] = 0;

		return (struct ip_esp_hdr *)(udpdata32 + 2);

	}



	return (struct ip_esp_hdr *)(uh + 1);

}
@@ -459,7 +452,6 @@ static int esp6_output_encap(struct xfrm_state *x, struct sk_buff *skb, 
	switch (encap_type) {

	default:

	case UDP_ENCAP_ESPINUDP:

	case UDP_ENCAP_ESPINUDP_NON_IKE:

		esph = esp6_output_udp_encap(skb, encap_type, esp, sport, dport);

		break;

	case TCP_ENCAP_ESPINTCP:
@@ -822,7 +814,6 @@ int esp6_input_done2(struct sk_buff *skb, int err) 
			source = th->source;

			break;

		case UDP_ENCAP_ESPINUDP:

		case UDP_ENCAP_ESPINUDP_NON_IKE:

			source = uh->source;

			break;

		default:
@@ -1232,9 +1223,6 @@ static int esp6_init_state(struct xfrm_state *x, struct netlink_ext_ack *extack) 
		case UDP_ENCAP_ESPINUDP:

			x->props.header_len += sizeof(struct udphdr);

			break;

		case UDP_ENCAP_ESPINUDP_NON_IKE:

			x->props.header_len += sizeof(struct udphdr) + 2 * sizeof(u32);

			break;

#ifdef CONFIG_INET6_ESPINTCP

		case TCP_ENCAP_ESPINTCP:

			/* only the length field, TCP encap is done by