]> git.proxmox.com Git - mirror_ubuntu-hirsute-kernel.git/commit - net/ipv4/ip_vti.c
projects / mirror_ubuntu-hirsute-kernel.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 2f30ea5) | patch
vti: use right inner_mode for inbound inter address family policy checks
authorthomas.zeitlhofer+lkml@ze-it.at <thomas.zeitlhofer+lkml@ze-it.at>
Wed, 7 Sep 2016 18:40:38 +0000 (20:40 +0200)
committerSteffen Klassert <steffen.klassert@secunet.com>
Fri, 9 Sep 2016 07:02:08 +0000 (09:02 +0200)
commit1fb81e09d487656aa23f2acb1232c7f56b4c2367
tree72a7c89c15f827148d5eab8a1136aa565a7f4988tree
parent2f30ea5090cbc57ea573cdc66421264b3de3fb0acommit | diff
vti: use right inner_mode for inbound inter address family policy checks

In case of inter address family tunneling (IPv6 over vti4 or IPv4 over
vti6), the inbound policy checks in vti_rcv_cb() and vti6_rcv_cb() are
using the wrong address family. As a result, all inbound inter address
family traffic is dropped.

Use the xfrm_ip2inner_mode() helper, as done in xfrm_input() (i.e., also
increment LINUX_MIB_XFRMINSTATEMODEERROR in case of error), to select the
inner_mode that contains the right address family for the inbound policy
checks.

Signed-off-by: Thomas Zeitlhofer <thomas.zeitlhofer+lkml@ze-it.at>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
net/ipv4/ip_vti.c diff | blob | blame | history
net/ipv6/ip6_vti.c diff | blob | blame | history
Ubuntu Hirsute Linux kernel mirror