| From foo@baz Wed Aug 26 04:12:09 PM CEST 2020 |
| From: Mark Tomlinson <mark.tomlinson@alliedtelesis.co.nz> |
| Date: Wed, 19 Aug 2020 13:53:58 +1200 |
| Subject: gre6: Fix reception with IP6_TNL_F_RCV_DSCP_COPY |
| |
| From: Mark Tomlinson <mark.tomlinson@alliedtelesis.co.nz> |
| |
| [ Upstream commit 272502fcb7cda01ab07fc2fcff82d1d2f73d43cc ] |
| |
| When receiving an IPv4 packet inside an IPv6 GRE packet, and the |
| IP6_TNL_F_RCV_DSCP_COPY flag is set on the tunnel, the IPv4 header would |
| get corrupted. This is due to the common ip6_tnl_rcv() function assuming |
| that the inner header is always IPv6. This patch checks the tunnel |
| protocol for IPv4 inner packets, but still defaults to IPv6. |
| |
| Fixes: 308edfdf1563 ("gre6: Cleanup GREv6 receive path, call common GRE functions") |
| Signed-off-by: Mark Tomlinson <mark.tomlinson@alliedtelesis.co.nz> |
| Signed-off-by: David S. Miller <davem@davemloft.net> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| --- |
| net/ipv6/ip6_tunnel.c | 10 +++++++++- |
| 1 file changed, 9 insertions(+), 1 deletion(-) |
| |
| --- a/net/ipv6/ip6_tunnel.c |
| +++ b/net/ipv6/ip6_tunnel.c |
| @@ -871,7 +871,15 @@ int ip6_tnl_rcv(struct ip6_tnl *t, struc |
| struct metadata_dst *tun_dst, |
| bool log_ecn_err) |
| { |
| - return __ip6_tnl_rcv(t, skb, tpi, NULL, ip6ip6_dscp_ecn_decapsulate, |
| + int (*dscp_ecn_decapsulate)(const struct ip6_tnl *t, |
| + const struct ipv6hdr *ipv6h, |
| + struct sk_buff *skb); |
| + |
| + dscp_ecn_decapsulate = ip6ip6_dscp_ecn_decapsulate; |
| + if (tpi->proto == htons(ETH_P_IP)) |
| + dscp_ecn_decapsulate = ip4ip6_dscp_ecn_decapsulate; |
| + |
| + return __ip6_tnl_rcv(t, skb, tpi, NULL, dscp_ecn_decapsulate, |
| log_ecn_err); |
| } |
| EXPORT_SYMBOL(ip6_tnl_rcv); |