github-mirror/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-06-04 12:35:52 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity Graph
9ab1265d52
linux/include
History
Evan Nimmo 9ab1265d52 xfrm: Use actual socket sk instead of skb socket for xfrm_output_resume 
A situation can occur where the interface bound to the sk is different
to the interface bound to the sk attached to the skb. The interface
bound to the sk is the correct one however this information is lost inside
xfrm_output2 and instead the sk on the skb is used in xfrm_output_resume
instead. This assumes that the sk bound interface and the bound interface
attached to the sk within the skb are the same which can lead to lookup
failures inside ip_route_me_harder resulting in the packet being dropped.

We have an l2tp v3 tunnel with ipsec protection. The tunnel is in the
global VRF however we have an encapsulated dot1q tunnel interface that
is within a different VRF. We also have a mangle rule that marks the
packets causing them to be processed inside ip_route_me_harder.

Prior to commit 31c70d5956 ("l2tp: keep original skb ownership") this
worked fine as the sk attached to the skb was changed from the dot1q
encapsulated interface to the sk for the tunnel which meant the interface
bound to the sk and the interface bound to the skb were identical.
Commit 46d6c5ae95 ("netfilter: use actual socket sk rather than skb sk
when routing harder") fixed some of these issues however a similar
problem existed in the xfrm code.

Fixes: 31c70d5956 ("l2tp: keep original skb ownership")
Signed-off-by: Evan Nimmo <evan.nimmo@alliedtelesis.co.nz>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
2021-03-03 09:32:52 +01:00
..
acpi Merge branch 'acpi-messages' 2021-02-15 17:04:53 +01:00
asm-generic Scheduler updates for v5.12: 2021-02-21 12:35:04 -08:00
clocksource
crypto
drm drm/dp/mst: Export drm_dp_get_vc_payload_bw() 2021-02-02 17:31:37 +02:00
dt-bindings USB/Thunderbolt patches for 5.12-rc1 2021-02-20 21:32:37 -08:00
keys
kunit
kvm KVM: arm64: Replace KVM_ARM_PMU with HW_PERF_EVENTS 2021-01-04 16:50:16 +00:00
linux The performance event updates for v5.12 are: 2021-02-21 12:49:32 -08:00
math-emu
media media: v4l: common: Fix naming of v4l2_get_link_rate 2021-01-07 15:47:52 +01:00
memory
misc
net xfrm: Use actual socket sk instead of skb socket for xfrm_output_resume 2021-03-03 09:32:52 +01:00
pcmcia
ras
rdma RDMA 5.11 pull request 2020-12-16 13:42:26 -08:00
scsi SCSI misc on 20201216 2020-12-16 13:34:31 -08:00
soc ARM: SoC drivers for v5.12 2021-02-20 18:42:28 -08:00
sound ALSA: pcm: One more dependency for hw constraints 2021-01-23 16:59:24 +01:00
target
trace These are the latest RCU updates for v5.12: 2021-02-21 12:04:41 -08:00
uapi The performance event updates for v5.12 are: 2021-02-21 12:49:32 -08:00
vdso
video
xen Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next 2021-02-20 17:45:32 -08:00