| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <4f0d0955-8bfc-486e-a44f-0e12af8a403f@strongswan.org>
Date: Fri, 15 Mar 2024 13:25:48 +0100
From: Tobias Brunner <tobias@...ongswan.org>
To: "David S. Miller" <davem@...emloft.net>, David Ahern <dsahern@...nel.org>
Cc: netdev@...r.kernel.org, Steffen Klassert <steffen.klassert@...unet.com>,
Herbert Xu <herbert@...dor.apana.org.au>
Subject: [PATCH net] ipv4: raw: Fix sending packets from raw sockets via IPsec
tunnels
Since the referenced commit, the xfrm_inner_extract_output() function
uses the skb's protocol field to determine the address family. So not
setting it for IPv4 raw sockets meant that such packets couldn't be
tunneled via IPsec anymore.
IPv6 raw sockets are not affected as they already set the protocol since
9c9c9ad5fae7 ("ipv6: set skb->protocol on tcp, raw and ip6_append_data
genereated skbs").
Fixes: 5f24f41e8ea6 ("xfrm: Remove inner/outer modes from input path")
Signed-off-by: Tobias Brunner <tobias@...ongswan.org>
---
net/ipv4/raw.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/net/ipv4/raw.c b/net/ipv4/raw.c
index 42ac434cfcfa..322e389021c3 100644
--- a/net/ipv4/raw.c
+++ b/net/ipv4/raw.c
@@ -357,6 +357,7 @@ static int raw_send_hdrinc(struct sock *sk, struct flowi4 *fl4,
goto error;
skb_reserve(skb, hlen);
+ skb->protocol = htons(ETH_P_IP);
skb->priority = READ_ONCE(sk->sk_priority);
skb->mark = sockc->mark;
skb->tstamp = sockc->transmit_time;
--
2.34.1
Powered by blists - more mailing lists