• Xin Long's avatar
    xfrm: interface: fix the priorities for ipip and ipv6 tunnels · 7fe94612
    Xin Long authored
    As Nicolas noticed in his case, when xfrm_interface module is installed
    the standard IP tunnels will break in receiving packets.
    
    This is caused by the IP tunnel handlers with a higher priority in xfrm
    interface processing incoming packets by xfrm_input(), which would drop
    the packets and return 0 instead when anything wrong happens.
    
    Rather than changing xfrm_input(), this patch is to adjust the priority
    for the IP tunnel handlers in xfrm interface, so that the packets would
    go to xfrmi's later than the others', as the others' would not drop the
    packets when the handlers couldn't process them.
    
    Note that IPCOMP also defines its own IPIP tunnel handler and it calls
    xfrm_input() as well, so we must make its priority lower than xfrmi's,
    which means having xfrmi loaded would still break IPCOMP. We may seek
    another way to fix it in xfrm_input() in the future.
    Reported-by: default avatarNicolas Dichtel <nicolas.dichtel@6wind.com>
    Tested-by: default avatarNicolas Dichtel <nicolas.dichtel@6wind.com>
    Fixes: da9bbf05 ("xfrm: interface: support IPIP and IPIP6 tunnels processing with .cb_handler")
    FIxes: d7b360c2 ("xfrm: interface: support IP6IP6 and IP6IP tunnels processing with .cb_handler")
    Signed-off-by: default avatarXin Long <lucien.xin@gmail.com>
    Signed-off-by: default avatarSteffen Klassert <steffen.klassert@secunet.com>
    7fe94612
xfrm_interface.c 23.4 KB