1 files changed, 45 insertions, 0 deletions

diff --git a/actual_udpencap_fix.patch b/actual_udpencap_fix.patch
new file mode 100644
index 000000000..bba8b7676
--- /dev/null
+++ b/actual_udpencap_fix.patch
@@ -0,0 +1,45 @@
+From: Steffen Klassert <steffen.klassert@secunet.com>
+Subject: [PATCH] esp4: Fix udpencap for local TCP packets.
+
+Locally generated TCP packets are usually cloned, so we
+do skb_cow_data() on this packets. After that we need to
+reload the pointer to the esp header. On udpencap this
+header has an offset to skb_transport_header, so take this
+offset into account.
+
+Fixes: commit cac2661c53f ("esp4: Avoid skb_cow_data whenever possible")
+Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
+---
+ net/ipv4/esp4.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/net/ipv4/esp4.c b/net/ipv4/esp4.c
+index b1e2444..ab71fbb 100644
+--- a/net/ipv4/esp4.c
++++ b/net/ipv4/esp4.c
+@@ -223,6 +223,7 @@ static int esp_output(struct xfrm_state *x, struct sk_buff *skb)
+ 	int extralen;
+ 	int tailen;
+ 	__be64 seqno;
++	int esp_offset = 0;
+ 	__u8 proto = *skb_mac_header(skb);
+ 
+ 	/* skb is pure payload to encrypt */
+@@ -288,6 +289,8 @@ static int esp_output(struct xfrm_state *x, struct sk_buff *skb)
+ 			break;
+ 		}
+ 
++		esp_offset = (unsigned char *)esph - (unsigned char *)uh;
++
+ 		*skb_mac_header(skb) = IPPROTO_UDP;
+ 	}
+ 
+@@ -397,7 +400,7 @@ static int esp_output(struct xfrm_state *x, struct sk_buff *skb)
+ 		goto error;
+ 	nfrags = err;
+ 	tail = skb_tail_pointer(trailer);
+-	esph = ip_esp_hdr(skb);
++	esph = (struct ip_esp_hdr *)(skb_transport_header(skb) + esp_offset);
+ 
+ skip_cow:
+ 	esp_output_fill_trailer(tail, tfclen, plen, proto);