| Message ID | 4b5a7ed6ce98b91362f2d16c84655919299c40e3.1661341717.git.sd@queasysnail.net (mailing list archive) |
|---|---|
| State | Awaiting Upstream |
| Delegated to: | Netdev Maintainers |
| Headers | show |
| Series | [ipsec] esp: choose the correct inner protocol for GSO on inter address family tunnels | expand |
On Thu, Aug 25, 2022 at 05:16:51PM +0200, Sabrina Dubroca wrote: > Commit 23c7f8d7989e ("net: Fix esp GSO on inter address family > tunnels.") is incomplete. It passes to skb_eth_gso_segment the > protocol for the outer IP version, instead of the inner IP version, so > we end up calling inet_gso_segment on an inner IPv6 packet and > ipv6_gso_segment on an inner IPv4 packet and the packets are dropped. > > This patch completes the fix by selecting the correct protocol based > on the inner mode's family. > > Fixes: c35fe4106b92 ("xfrm: Add mode handlers for IPsec on layer 2") > Signed-off-by: Sabrina Dubroca <sd@queasysnail.net> Applied, thanks a lot Sabrina!
diff --git a/net/ipv4/esp4_offload.c b/net/ipv4/esp4_offload.c index 935026f4c807..170152772d33 100644 --- a/net/ipv4/esp4_offload.c +++ b/net/ipv4/esp4_offload.c @@ -110,7 +110,10 @@ static struct sk_buff *xfrm4_tunnel_gso_segment(struct xfrm_state *x, struct sk_buff *skb, netdev_features_t features) { - return skb_eth_gso_segment(skb, features, htons(ETH_P_IP)); + __be16 type = x->inner_mode.family == AF_INET6 ? htons(ETH_P_IPV6) + : htons(ETH_P_IP); + + return skb_eth_gso_segment(skb, features, type); } static struct sk_buff *xfrm4_transport_gso_segment(struct xfrm_state *x, diff --git a/net/ipv6/esp6_offload.c b/net/ipv6/esp6_offload.c index 3a293838a91d..79d43548279c 100644 --- a/net/ipv6/esp6_offload.c +++ b/net/ipv6/esp6_offload.c @@ -145,7 +145,10 @@ static struct sk_buff *xfrm6_tunnel_gso_segment(struct xfrm_state *x, struct sk_buff *skb, netdev_features_t features) { - return skb_eth_gso_segment(skb, features, htons(ETH_P_IPV6)); + __be16 type = x->inner_mode.family == AF_INET ? htons(ETH_P_IP) + : htons(ETH_P_IPV6); + + return skb_eth_gso_segment(skb, features, type); } static struct sk_buff *xfrm6_transport_gso_segment(struct xfrm_state *x,
Commit 23c7f8d7989e ("net: Fix esp GSO on inter address family tunnels.") is incomplete. It passes to skb_eth_gso_segment the protocol for the outer IP version, instead of the inner IP version, so we end up calling inet_gso_segment on an inner IPv6 packet and ipv6_gso_segment on an inner IPv4 packet and the packets are dropped. This patch completes the fix by selecting the correct protocol based on the inner mode's family. Fixes: c35fe4106b92 ("xfrm: Add mode handlers for IPsec on layer 2") Signed-off-by: Sabrina Dubroca <sd@queasysnail.net> --- net/ipv4/esp4_offload.c | 5 ++++- net/ipv6/esp6_offload.c | 5 ++++- 2 files changed, 8 insertions(+), 2 deletions(-)