| Message ID | c5d9a947-eb19-4164-ac99-468ea814ce20@strongswan.org (mailing list archive) |
|---|---|
| State | Accepted |
| Commit | c9b3b81716c5b92132a6c1d4ac3c48a7b44082ab |
| Delegated to: | Netdev Maintainers |
| Headers | show |
| Series | [net,v2] ipv4: raw: Fix sending packets from raw sockets via IPsec tunnels | expand |
On 3/15/24 8:35 AM, Tobias Brunner wrote: > Since the referenced commit, the xfrm_inner_extract_output() function > uses the protocol field to determine the address family. So not setting > it for IPv4 raw sockets meant that such packets couldn't be tunneled via > IPsec anymore. > > IPv6 raw sockets are not affected as they already set the protocol since > 9c9c9ad5fae7 ("ipv6: set skb->protocol on tcp, raw and ip6_append_data > genereated skbs"). > > Fixes: f4796398f21b ("xfrm: Remove inner/outer modes from output path") > Signed-off-by: Tobias Brunner <tobias@strongswan.org> > --- > net/ipv4/raw.c | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/net/ipv4/raw.c b/net/ipv4/raw.c > index 42ac434cfcfa..322e389021c3 100644 > --- a/net/ipv4/raw.c > +++ b/net/ipv4/raw.c > @@ -357,6 +357,7 @@ static int raw_send_hdrinc(struct sock *sk, struct flowi4 *fl4, > goto error; > skb_reserve(skb, hlen); > > + skb->protocol = htons(ETH_P_IP); > skb->priority = READ_ONCE(sk->sk_priority); > skb->mark = sockc->mark; > skb->tstamp = sockc->transmit_time; Reviewed-by: David Ahern <dsahern@kernel.org>
Le 15/03/2024 à 15:35, Tobias Brunner a écrit : > Since the referenced commit, the xfrm_inner_extract_output() function > uses the protocol field to determine the address family. So not setting > it for IPv4 raw sockets meant that such packets couldn't be tunneled via > IPsec anymore. > > IPv6 raw sockets are not affected as they already set the protocol since > 9c9c9ad5fae7 ("ipv6: set skb->protocol on tcp, raw and ip6_append_data > genereated skbs"). > > Fixes: f4796398f21b ("xfrm: Remove inner/outer modes from output path") > Signed-off-by: Tobias Brunner <tobias@strongswan.org> Reviewed-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Hello: This patch was applied to netdev/net.git (main) by Paolo Abeni <pabeni@redhat.com>: On Fri, 15 Mar 2024 15:35:40 +0100 you wrote: > Since the referenced commit, the xfrm_inner_extract_output() function > uses the protocol field to determine the address family. So not setting > it for IPv4 raw sockets meant that such packets couldn't be tunneled via > IPsec anymore. > > IPv6 raw sockets are not affected as they already set the protocol since > 9c9c9ad5fae7 ("ipv6: set skb->protocol on tcp, raw and ip6_append_data > genereated skbs"). > > [...] Here is the summary with links: - [net,v2] ipv4: raw: Fix sending packets from raw sockets via IPsec tunnels https://git.kernel.org/netdev/net/c/c9b3b81716c5 You are awesome, thank you!
diff --git a/net/ipv4/raw.c b/net/ipv4/raw.c index 42ac434cfcfa..322e389021c3 100644 --- a/net/ipv4/raw.c +++ b/net/ipv4/raw.c @@ -357,6 +357,7 @@ static int raw_send_hdrinc(struct sock *sk, struct flowi4 *fl4, goto error; skb_reserve(skb, hlen); + skb->protocol = htons(ETH_P_IP); skb->priority = READ_ONCE(sk->sk_priority); skb->mark = sockc->mark; skb->tstamp = sockc->transmit_time;
Since the referenced commit, the xfrm_inner_extract_output() function uses the protocol field to determine the address family. So not setting it for IPv4 raw sockets meant that such packets couldn't be tunneled via IPsec anymore. IPv6 raw sockets are not affected as they already set the protocol since 9c9c9ad5fae7 ("ipv6: set skb->protocol on tcp, raw and ip6_append_data genereated skbs"). Fixes: f4796398f21b ("xfrm: Remove inner/outer modes from output path") Signed-off-by: Tobias Brunner <tobias@strongswan.org> --- net/ipv4/raw.c | 1 + 1 file changed, 1 insertion(+)