Commit 1166a530 authored Jun 05, 2023 by Maciej Żenczykowski Committed by Steffen Klassert Jun 09, 2023

xfrm: fix inbound ipv4/udp/esp packets to UDPv6 dualstack sockets

Before Linux v5.8 an AF_INET6 SOCK_DGRAM (udp/udplite) socket
with SOL_UDP, UDP_ENCAP, UDP_ENCAP_ESPINUDP{,_NON_IKE} enabled
would just unconditionally use xfrm4_udp_encap_rcv(), afterwards
such a socket would use the newly added xfrm6_udp_encap_rcv()
which only handles IPv6 packets.

Cc: Sabrina Dubroca <sd@queasysnail.net>
Cc: Steffen Klassert <steffen.klassert@secunet.com>
Cc: Jakub Kicinski <kuba@kernel.org>
Cc: Benedict Wong <benedictwong@google.com>
Cc: Yan Yan <evitayan@google.com>
Fixes: 0146dca7 ("xfrm: add support for UDPv6 encapsulation of ESP")
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Reviewed-by: Simon Horman <simon.horman@corigine.com>
Reviewed-by: Sabrina Dubroca <sd@queasysnail.net>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>

parent bf06fcf4

net/ipv4/xfrm4_input.c

+1 −0

Original line number	Diff line number	Diff line
		@@ -164,6 +164,7 @@ int xfrm4_udp_encap_rcv(struct sock sk, struct sk_buff skb)
		kfree_skb(skb);
		return 0;
		}
		EXPORT_SYMBOL(xfrm4_udp_encap_rcv);

		int xfrm4_rcv(struct sk_buff *skb)
		{

net/ipv6/xfrm6_input.c

+3 −0

Original line number	Diff line number	Diff line
		@@ -86,6 +86,9 @@ int xfrm6_udp_encap_rcv(struct sock sk, struct sk_buff skb)
		__be32 *udpdata32;
		__u16 encap_type = up->encap_type;

		if (skb->protocol == htons(ETH_P_IP))
		return xfrm4_udp_encap_rcv(sk, skb);

		/* if this is not encapsulated socket, then just return now */
		if (!encap_type)
		return 1;