summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorHannes Frederic Sowa <hannes@stressinduktion.org>2013-08-18 13:47:01 +0200
committerSteffen Klassert <steffen.klassert@secunet.com>2013-08-19 09:39:04 +0200
commit844d48746e4b281a933aedc0428048a1219b42f4 (patch)
treed456114029573629bada5ee6882e89f18c42cb18
parentipv6: xfrm: dereference inner ipv6 header if encapsulated (diff)
downloadlinux-844d48746e4b281a933aedc0428048a1219b42f4.tar.xz
linux-844d48746e4b281a933aedc0428048a1219b42f4.zip
xfrm: choose protocol family by skb protocol
We need to choose the protocol family by skb->protocol. Otherwise we call the wrong xfrm{4,6}_local_error handler in case an ipv6 sockets is used in ipv4 mode, in which case we should call down to xfrm4_local_error (ip6 sockets are a superset of ip4 ones). We are called before before ip_output functions, so skb->protocol is not reset. Cc: Steffen Klassert <steffen.klassert@secunet.com> Acked-by: Eric Dumazet <edumazet@google.com> Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
-rw-r--r--include/net/xfrm.h4
-rw-r--r--net/xfrm/xfrm_output.c10
2 files changed, 11 insertions, 3 deletions
diff --git a/include/net/xfrm.h b/include/net/xfrm.h
index b41d2d10ff0e..ac5b02515355 100644
--- a/include/net/xfrm.h
+++ b/include/net/xfrm.h
@@ -1728,9 +1728,9 @@ static inline int xfrm_skb_dst_mtu(struct sk_buff *skb)
{
struct sock *sk = skb->sk;
- if (sk && sk->sk_family == AF_INET6)
+ if (sk && skb->protocol == htons(ETH_P_IPV6))
return ip6_skb_dst_mtu(skb);
- else if (sk && sk->sk_family == AF_INET)
+ else if (sk && skb->protocol == htons(ETH_P_IP))
return ip_skb_dst_mtu(skb);
return dst_mtu(skb_dst(skb));
}
diff --git a/net/xfrm/xfrm_output.c b/net/xfrm/xfrm_output.c
index 6f5fc612b162..3bb2cdc13b46 100644
--- a/net/xfrm/xfrm_output.c
+++ b/net/xfrm/xfrm_output.c
@@ -216,9 +216,17 @@ int xfrm_inner_extract_output(struct xfrm_state *x, struct sk_buff *skb)
void xfrm_local_error(struct sk_buff *skb, int mtu)
{
+ unsigned int proto;
struct xfrm_state_afinfo *afinfo;
- afinfo = xfrm_state_get_afinfo(skb->sk->sk_family);
+ if (skb->protocol == htons(ETH_P_IP))
+ proto = AF_INET;
+ else if (skb->protocol == htons(ETH_P_IPV6))
+ proto = AF_INET6;
+ else
+ return;
+
+ afinfo = xfrm_state_get_afinfo(proto);
if (!afinfo)
return;