| From stable-bounces@linux.kernel.org Wed Jun 6 22:41:41 2007 |
| Date: Wed, 06 Jun 2007 22:41:52 -0700 (PDT) |
| Message-Id: <20070606.224152.68156938.davem@davemloft.net> |
| To: stable@kernel.org |
| From: David Miller <davem@davemloft.net> |
| Cc: bunk@stusta.de |
| Subject: IPSEC: Fix panic when using inter address familiy IPsec on loopback. |
| |
| From: Kazunori MIYAZAWA <kazunori@miyazawa.org> |
| |
| Signed-off-by: Kazunori MIYAZAWA <kazunori@miyazawa.org> |
| Signed-off-by: David S. Miller <davem@davemloft.net> |
| Signed-off-by: Chris Wright <chrisw@sous-sol.org> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> |
| |
| --- |
| net/ipv4/xfrm4_input.c | 6 ++---- |
| net/ipv4/xfrm4_mode_tunnel.c | 2 ++ |
| net/ipv6/xfrm6_input.c | 6 ++---- |
| net/ipv6/xfrm6_mode_tunnel.c | 1 + |
| 4 files changed, 7 insertions(+), 8 deletions(-) |
| |
| --- linux-2.6.21.4.orig/net/ipv4/xfrm4_input.c |
| +++ linux-2.6.21.4/net/ipv4/xfrm4_input.c |
| @@ -138,10 +138,8 @@ int xfrm4_rcv_encap(struct sk_buff *skb, |
| nf_reset(skb); |
| |
| if (decaps) { |
| - if (!(skb->dev->flags&IFF_LOOPBACK)) { |
| - dst_release(skb->dst); |
| - skb->dst = NULL; |
| - } |
| + dst_release(skb->dst); |
| + skb->dst = NULL; |
| netif_rx(skb); |
| return 0; |
| } else { |
| --- linux-2.6.21.4.orig/net/ipv4/xfrm4_mode_tunnel.c |
| +++ linux-2.6.21.4/net/ipv4/xfrm4_mode_tunnel.c |
| @@ -84,6 +84,8 @@ static int xfrm4_tunnel_output(struct xf |
| top_iph->saddr = x->props.saddr.a4; |
| top_iph->daddr = x->id.daddr.a4; |
| |
| + skb->protocol = htons(ETH_P_IP); |
| + |
| memset(&(IPCB(skb)->opt), 0, sizeof(struct ip_options)); |
| return 0; |
| } |
| --- linux-2.6.21.4.orig/net/ipv6/xfrm6_input.c |
| +++ linux-2.6.21.4/net/ipv6/xfrm6_input.c |
| @@ -104,10 +104,8 @@ int xfrm6_rcv_spi(struct sk_buff *skb, _ |
| nf_reset(skb); |
| |
| if (decaps) { |
| - if (!(skb->dev->flags&IFF_LOOPBACK)) { |
| - dst_release(skb->dst); |
| - skb->dst = NULL; |
| - } |
| + dst_release(skb->dst); |
| + skb->dst = NULL; |
| netif_rx(skb); |
| return -1; |
| } else { |
| --- linux-2.6.21.4.orig/net/ipv6/xfrm6_mode_tunnel.c |
| +++ linux-2.6.21.4/net/ipv6/xfrm6_mode_tunnel.c |
| @@ -80,6 +80,7 @@ static int xfrm6_tunnel_output(struct xf |
| top_iph->hop_limit = dst_metric(dst->child, RTAX_HOPLIMIT); |
| ipv6_addr_copy(&top_iph->saddr, (struct in6_addr *)&x->props.saddr); |
| ipv6_addr_copy(&top_iph->daddr, (struct in6_addr *)&x->id.daddr); |
| + skb->protocol = htons(ETH_P_IPV6); |
| return 0; |
| } |
| |