[PATCH v2] xfrm: fix inbound ipv4/udp/esp packets to UDPv6 dualstack sockets

All of lore.kernel.org
 help / color / mirror / Atom feed

From: "Maciej Żenczykowski" <maze@google.com>
To: "Maciej Żenczykowski" <zenczykowski@gmail.com>
Cc: "Linux Network Development Mailing List" <netdev@vger.kernel.org>,
	"Maciej Żenczykowski" <maze@google.com>,
	"Sabrina Dubroca" <sd@queasysnail.net>,
	"Steffen Klassert" <steffen.klassert@secunet.com>,
	"Jakub Kicinski" <kuba@kernel.org>,
	"Benedict Wong" <benedictwong@google.com>,
	"Yan Yan" <evitayan@google.com>
Subject: [PATCH v2] xfrm: fix inbound ipv4/udp/esp packets to UDPv6 dualstack sockets
Date: Mon,  5 Jun 2023 04:06:54 -0700	[thread overview]
Message-ID: <20230605110654.809655-1-maze@google.com> (raw)
In-Reply-To: <20221026083203.2214468-1-zenczykowski@gmail.com>

Before Linux v5.8 an AF_INET6 SOCK_DGRAM (udp/udplite) socket
with SOL_UDP, UDP_ENCAP, UDP_ENCAP_ESPINUDP{,_NON_IKE} enabled
would just unconditionally use xfrm4_udp_encap_rcv(), afterwards
such a socket would use the newly added xfrm6_udp_encap_rcv()
which only handles IPv6 packets.

Cc: Sabrina Dubroca <sd@queasysnail.net>
Cc: Steffen Klassert <steffen.klassert@secunet.com>
Cc: Jakub Kicinski <kuba@kernel.org>
Cc: Benedict Wong <benedictwong@google.com>
Cc: Yan Yan <evitayan@google.com>
Fixes: 0146dca70b87 ('xfrm: add support for UDPv6 encapsulation of ESP')
Signed-off-by: Maciej Żenczykowski <maze@google.com>
---
 net/ipv4/xfrm4_input.c | 1 +
 net/ipv6/xfrm6_input.c | 3 +++
 2 files changed, 4 insertions(+)

diff --git a/net/ipv4/xfrm4_input.c b/net/ipv4/xfrm4_input.c
index ad2afeef4f10..eac206a290d0 100644
--- a/net/ipv4/xfrm4_input.c
+++ b/net/ipv4/xfrm4_input.c
@@ -164,6 +164,7 @@ int xfrm4_udp_encap_rcv(struct sock *sk, struct sk_buff *skb)
 	kfree_skb(skb);
 	return 0;
 }
+EXPORT_SYMBOL(xfrm4_udp_encap_rcv);
 
 int xfrm4_rcv(struct sk_buff *skb)
 {
diff --git a/net/ipv6/xfrm6_input.c b/net/ipv6/xfrm6_input.c
index 04cbeefd8982..4907ab241d6b 100644
--- a/net/ipv6/xfrm6_input.c
+++ b/net/ipv6/xfrm6_input.c
@@ -86,6 +86,9 @@ int xfrm6_udp_encap_rcv(struct sock *sk, struct sk_buff *skb)
 	__be32 *udpdata32;
 	__u16 encap_type = up->encap_type;
 
+	if (skb->protocol == htons(ETH_P_IP))
+		return xfrm4_udp_encap_rcv(sk, skb);
+
 	/* if this is not encapsulated socket, then just return now */
 	if (!encap_type)
 		return 1;
-- 
2.41.0.rc0.172.g3f132b7071-goog

next prev parent reply	other threads:[~2023-06-05 11:07 UTC|newest]

Thread overview: 14+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-10-26  8:32 [PATCH] xfrm: fix inbound ipv4/udp/esp packets to UDPv6 dualstack sockets Maciej Żenczykowski
2022-10-26  8:42 ` Maciej Żenczykowski
2022-10-27  1:24   ` Jakub Kicinski
2022-10-27  1:52     ` Maciej Żenczykowski
2022-10-27  1:58       ` Jakub Kicinski
2022-10-27  4:47 ` kernel test robot
2023-06-05 11:06 ` Maciej Żenczykowski [this message]
2023-06-05 12:59   ` [PATCH v2] " Simon Horman
2023-06-05 21:38     ` Maciej Żenczykowski
2023-06-06  9:30       ` Simon Horman
2023-06-07  9:41       ` Steffen Klassert
2023-06-07 15:00       ` Sabrina Dubroca
2023-06-05 13:04   ` Simon Horman
2023-06-09  7:17   ` Steffen Klassert

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:ad2afeef4f1 dfblob:eac206a290d dfblob:04cbeefd898
dfblob:4907ab241d6 )
 OR (
bs:"[PATCH v2] xfrm: fix inbound ipv4/udp/esp packets to UDPv6 dualstack sockets" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20230605110654.809655-1-maze@google.com \
    --to=maze@google.com \
    --cc=benedictwong@google.com \
    --cc=evitayan@google.com \
    --cc=kuba@kernel.org \
    --cc=netdev@vger.kernel.org \
    --cc=sd@queasysnail.net \
    --cc=steffen.klassert@secunet.com \
    --cc=zenczykowski@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.