diff options
Diffstat (limited to 'actual_udpencap_fix.patch')
-rw-r--r-- | actual_udpencap_fix.patch | 45 |
1 files changed, 45 insertions, 0 deletions
diff --git a/actual_udpencap_fix.patch b/actual_udpencap_fix.patch new file mode 100644 index 000000000..bba8b7676 --- /dev/null +++ b/actual_udpencap_fix.patch @@ -0,0 +1,45 @@ +From: Steffen Klassert <steffen.klassert@secunet.com> +Subject: [PATCH] esp4: Fix udpencap for local TCP packets. + +Locally generated TCP packets are usually cloned, so we +do skb_cow_data() on this packets. After that we need to +reload the pointer to the esp header. On udpencap this +header has an offset to skb_transport_header, so take this +offset into account. + +Fixes: commit cac2661c53f ("esp4: Avoid skb_cow_data whenever possible") +Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> +--- + net/ipv4/esp4.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/net/ipv4/esp4.c b/net/ipv4/esp4.c +index b1e2444..ab71fbb 100644 +--- a/net/ipv4/esp4.c ++++ b/net/ipv4/esp4.c +@@ -223,6 +223,7 @@ static int esp_output(struct xfrm_state *x, struct sk_buff *skb) + int extralen; + int tailen; + __be64 seqno; ++ int esp_offset = 0; + __u8 proto = *skb_mac_header(skb); + + /* skb is pure payload to encrypt */ +@@ -288,6 +289,8 @@ static int esp_output(struct xfrm_state *x, struct sk_buff *skb) + break; + } + ++ esp_offset = (unsigned char *)esph - (unsigned char *)uh; ++ + *skb_mac_header(skb) = IPPROTO_UDP; + } + +@@ -397,7 +400,7 @@ static int esp_output(struct xfrm_state *x, struct sk_buff *skb) + goto error; + nfrags = err; + tail = skb_tail_pointer(trailer); +- esph = ip_esp_hdr(skb); ++ esph = (struct ip_esp_hdr *)(skb_transport_header(skb) + esp_offset); + + skip_cow: + esp_output_fill_trailer(tail, tfclen, plen, proto); |