]> git.proxmox.com Git - mirror_ubuntu-kernels.git/commitdiff
ipv4: raw: Fix sending packets from raw sockets via IPsec tunnels
authorTobias Brunner <tobias@strongswan.org>
Fri, 15 Mar 2024 14:35:40 +0000 (15:35 +0100)
committerPaolo Abeni <pabeni@redhat.com>
Tue, 19 Mar 2024 12:45:58 +0000 (13:45 +0100)
Since the referenced commit, the xfrm_inner_extract_output() function
uses the protocol field to determine the address family.  So not setting
it for IPv4 raw sockets meant that such packets couldn't be tunneled via
IPsec anymore.

IPv6 raw sockets are not affected as they already set the protocol since
9c9c9ad5fae7 ("ipv6: set skb->protocol on tcp, raw and ip6_append_data
genereated skbs").

Fixes: f4796398f21b ("xfrm: Remove inner/outer modes from output path")
Signed-off-by: Tobias Brunner <tobias@strongswan.org>
Reviewed-by: David Ahern <dsahern@kernel.org>
Reviewed-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Link: https://lore.kernel.org/r/c5d9a947-eb19-4164-ac99-468ea814ce20@strongswan.org
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
net/ipv4/raw.c

index 12b3740393ba57d14be54dc4ae31d75952002c3b..dcb11f22cbf2b437405d1b373dd0ebc37d02c9ec 100644 (file)
@@ -357,6 +357,7 @@ static int raw_send_hdrinc(struct sock *sk, struct flowi4 *fl4,
                goto error;
        skb_reserve(skb, hlen);
 
+       skb->protocol = htons(ETH_P_IP);
        skb->priority = READ_ONCE(sk->sk_priority);
        skb->mark = sockc->mark;
        skb->tstamp = sockc->transmit_time;