From patchwork Thu Jan 26 16:33:50 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Christian Hopps X-Patchwork-Id: 13117454 X-Patchwork-Delegate: kuba@kernel.org Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 45FE1C54E94 for ; Thu, 26 Jan 2023 16:43:06 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232692AbjAZQnF (ORCPT ); Thu, 26 Jan 2023 11:43:05 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:53242 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232336AbjAZQm5 (ORCPT ); Thu, 26 Jan 2023 11:42:57 -0500 X-Greylist: delayed 451 seconds by postgrey-1.37 at lindbergh.monkeyblade.net; Thu, 26 Jan 2023 08:42:51 PST Received: from smtp.chopps.org (smtp.chopps.org [54.88.81.56]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 9485F558C for ; Thu, 26 Jan 2023 08:42:48 -0800 (PST) Received: from labnh.big (172-222-091-149.res.spectrum.com [172.222.91.149]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (Client did not present a certificate) by smtp.chopps.org (Postfix) with ESMTPSA id C86627D134; Thu, 26 Jan 2023 16:35:16 +0000 (UTC) From: Christian Hopps To: Steffen Klassert , Herbert Xu , "David S. Miller" , devel@linux-ipsec.org Cc: Christian Hopps , Eric Dumazet , Jakub Kicinski , Paolo Abeni , netdev@vger.kernel.org, chopps@labn.net Subject: [PATCH ipsec-next v2] xfrm: fix bug with DSCP copy to v6 from v4 tunnel Date: Thu, 26 Jan 2023 11:33:50 -0500 Message-Id: <20230126163350.1520752-1-chopps@chopps.org> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20230126102933.1245451-1-chopps@labn.net> References: <20230126102933.1245451-1-chopps@labn.net> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org X-Patchwork-Delegate: kuba@kernel.org When copying the DSCP bits for decap-dscp into IPv6 don't assume the outer encap is always IPv6. Instead, as with the inner IPv4 case, copy the DSCP bits from the correctly saved "tos" value in the control block. Fixes: 227620e29509 ("[IPSEC]: Separate inner/outer mode processing on input") Signed-off-by: Christian Hopps Acked-by: Herbert Xu --- net/xfrm/xfrm_input.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/net/xfrm/xfrm_input.c b/net/xfrm/xfrm_input.c index c06e54a10540..436d29640ac2 100644 --- a/net/xfrm/xfrm_input.c +++ b/net/xfrm/xfrm_input.c @@ -279,8 +279,7 @@ static int xfrm6_remove_tunnel_encap(struct xfrm_state *x, struct sk_buff *skb) goto out; if (x->props.flags & XFRM_STATE_DECAP_DSCP) - ipv6_copy_dscp(ipv6_get_dsfield(ipv6_hdr(skb)), - ipipv6_hdr(skb)); + ipv6_copy_dscp(XFRM_MODE_SKB_CB(skb)->tos, ipipv6_hdr(skb)); if (!(x->props.flags & XFRM_STATE_NOECN)) ipip6_ecn_decapsulate(skb);