Commit 044a832a authored by Steffen Klassert's avatar Steffen Klassert

xfrm: Fix local error reporting crash with interfamily tunnels

We set the outer mode protocol too early. As a result, the
local error handler might dispatch to the wrong address family
and report the error to a wrong socket type. We fix this by
setting the outer protocol to the skb after we accessed the
inner mode for the last time, right before we do the atcual
encapsulation where we switch finally to the outer mode.
Reported-by: default avatarChris Ruehl <chris.ruehl@gtsys.com.hk>
Tested-by: default avatarChris Ruehl <chris.ruehl@gtsys.com.hk>
Signed-off-by: default avatarSteffen Klassert <steffen.klassert@secunet.com>
parent cd3bafc7
...@@ -63,6 +63,7 @@ int xfrm4_prepare_output(struct xfrm_state *x, struct sk_buff *skb) ...@@ -63,6 +63,7 @@ int xfrm4_prepare_output(struct xfrm_state *x, struct sk_buff *skb)
return err; return err;
IPCB(skb)->flags |= IPSKB_XFRM_TUNNEL_SIZE; IPCB(skb)->flags |= IPSKB_XFRM_TUNNEL_SIZE;
skb->protocol = htons(ETH_P_IP);
return x->outer_mode->output2(x, skb); return x->outer_mode->output2(x, skb);
} }
...@@ -71,7 +72,6 @@ EXPORT_SYMBOL(xfrm4_prepare_output); ...@@ -71,7 +72,6 @@ EXPORT_SYMBOL(xfrm4_prepare_output);
int xfrm4_output_finish(struct sk_buff *skb) int xfrm4_output_finish(struct sk_buff *skb)
{ {
memset(IPCB(skb), 0, sizeof(*IPCB(skb))); memset(IPCB(skb), 0, sizeof(*IPCB(skb)));
skb->protocol = htons(ETH_P_IP);
#ifdef CONFIG_NETFILTER #ifdef CONFIG_NETFILTER
IPCB(skb)->flags |= IPSKB_XFRM_TRANSFORMED; IPCB(skb)->flags |= IPSKB_XFRM_TRANSFORMED;
......
...@@ -114,6 +114,7 @@ int xfrm6_prepare_output(struct xfrm_state *x, struct sk_buff *skb) ...@@ -114,6 +114,7 @@ int xfrm6_prepare_output(struct xfrm_state *x, struct sk_buff *skb)
return err; return err;
skb->ignore_df = 1; skb->ignore_df = 1;
skb->protocol = htons(ETH_P_IPV6);
return x->outer_mode->output2(x, skb); return x->outer_mode->output2(x, skb);
} }
...@@ -122,7 +123,6 @@ EXPORT_SYMBOL(xfrm6_prepare_output); ...@@ -122,7 +123,6 @@ EXPORT_SYMBOL(xfrm6_prepare_output);
int xfrm6_output_finish(struct sk_buff *skb) int xfrm6_output_finish(struct sk_buff *skb)
{ {
memset(IP6CB(skb), 0, sizeof(*IP6CB(skb))); memset(IP6CB(skb), 0, sizeof(*IP6CB(skb)));
skb->protocol = htons(ETH_P_IPV6);
#ifdef CONFIG_NETFILTER #ifdef CONFIG_NETFILTER
IP6CB(skb)->flags |= IP6SKB_XFRM_TRANSFORMED; IP6CB(skb)->flags |= IP6SKB_XFRM_TRANSFORMED;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment