From patchwork Thu Jan 26 10:29:34 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Christian Hopps <chopps@labn.net>
X-Patchwork-Id: 13116849
X-Patchwork-Delegate: kuba@kernel.org
Return-Path: <netdev-owner@vger.kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by smtp.lore.kernel.org (Postfix) with ESMTP id AE1C5C05027
	for <netdev@archiver.kernel.org>; Thu, 26 Jan 2023 10:37:53 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S236530AbjAZKhv (ORCPT <rfc822;netdev@archiver.kernel.org>);
        Thu, 26 Jan 2023 05:37:51 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:33022 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S236342AbjAZKhu (ORCPT
        <rfc822;netdev@vger.kernel.org>); Thu, 26 Jan 2023 05:37:50 -0500
X-Greylist: delayed 424 seconds by postgrey-1.37 at lindbergh.monkeyblade.net;
 Thu, 26 Jan 2023 02:37:49 PST
Received: from smtp.chopps.org (smtp.chopps.org [54.88.81.56])
        by lindbergh.monkeyblade.net (Postfix) with ESMTP id E0C6AAD30
        for <netdev@vger.kernel.org>; Thu, 26 Jan 2023 02:37:48 -0800 (PST)
Received: from labnh.big (172-222-091-149.res.spectrum.com [172.222.91.149])
        (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
         key-exchange X25519 server-signature RSA-PSS (2048 bits)
 server-digest SHA256)
        (Client did not present a certificate)
        by smtp.chopps.org (Postfix) with ESMTPSA id 29DD67D12D;
        Thu, 26 Jan 2023 10:30:43 +0000 (UTC)
From: Christian Hopps <chopps@labn.net>
To: Steffen Klassert <steffen.klassert@secunet.com>,
        Herbert Xu <herbert@gondor.apana.org.au>,
        "David S. Miller" <davem@davemloft.net>, devel@linux-ipsec.org
Cc: Christian Hopps <chopps@labn.net>,
        Eric Dumazet <edumazet@google.com>,
        Jakub Kicinski <kuba@kernel.org>,
        Paolo Abeni <pabeni@redhat.com>, netdev@vger.kernel.org,
        chopps@chopps.org
Subject: [PATCH] xfrm: fix bug with DSCP copy to v6 from v4 tunnel
Date: Thu, 26 Jan 2023 05:29:34 -0500
Message-Id: <20230126102933.1245451-1-chopps@labn.net>
X-Mailer: git-send-email 2.34.1
MIME-Version: 1.0
Precedence: bulk
List-ID: <netdev.vger.kernel.org>
X-Mailing-List: netdev@vger.kernel.org
X-Patchwork-Delegate: kuba@kernel.org

When copying the DSCP bits for decap-dscp into IPv6 don't assume the
outer encap is always IPv6. Instead, as with the inner IPv4 case, copy
the DSCP bits from the correctly saved "tos" value in the control block.

fixes: 227620e29509 ("[IPSEC]: Separate inner/outer mode processing on input")

Signed-off-by: Christian Hopps <chopps@labn.net>
---
 net/xfrm/xfrm_input.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/net/xfrm/xfrm_input.c b/net/xfrm/xfrm_input.c
index c06e54a10540..436d29640ac2 100644
--- a/net/xfrm/xfrm_input.c
+++ b/net/xfrm/xfrm_input.c
@@ -279,8 +279,7 @@ static int xfrm6_remove_tunnel_encap(struct xfrm_state *x, struct sk_buff *skb)
 		goto out;
 
 	if (x->props.flags & XFRM_STATE_DECAP_DSCP)
-		ipv6_copy_dscp(ipv6_get_dsfield(ipv6_hdr(skb)),
-			       ipipv6_hdr(skb));
+		ipv6_copy_dscp(XFRM_MODE_SKB_CB(skb)->tos, ipipv6_hdr(skb));
 	if (!(x->props.flags & XFRM_STATE_NOECN))
 		ipip6_ecn_decapsulate(skb);