wireguard: queueing: orphan outgoing packets to clear sk_bound_dev_if
If netfilter changes the packet mark, the packet is rerouted. As part of
the rerouting, skb->sk->sk_bound_dev_if is consulted, per usual. But
when wireguard encapsulates packets, it fails to clear skb->sk,
resulting in a misrouting of the encapsulated packet, which should no
longer have the association to sk_bound_dev_if. This commit calls
skb_orphan in that case, just like what xfrmi does, so that skb->sk is
NULL in the rerouted case. We also add a test case in order to catch
regressions and demonstrate the bug.
Reported-by: Chen Minqiang <ptpt52@gmail.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
3 files changed
