From: Qingfang Deng <qingfang.deng@linux.dev>
To: Antonio Quartulli <a@unstable.cc>, openvpn-devel@lists.sourceforge.net
Cc: Minqiang Chen <ptpt52@gmail.com>,
Sabrina Dubroca <sd@queasysnail.net>,
netdev@vger.kernel.org
Subject: Re: [Openvpn-devel] [PATCH ovpn-net-next] ovpn: reset MAC header before passing skb up
Date: Tue, 28 Apr 2026 10:08:00 +0800 [thread overview]
Message-ID: <501fb5d6-3247-40aa-aaa5-ce9dacb17255@linux.dev> (raw)
In-Reply-To: <101221c8-8e47-4fc1-9791-2ef3a0ae8312@unstable.cc>
Hi,
On 2026/4/27 17:45, Antonio Quartulli wrote:
> Hi Qingfang,
>
> thanks for the patch!
>
> On 27/04/2026 06:00, Qingfang Deng wrote:
>> After decapsulating a packet, the skb->mac_header still points to the
>> outer transport header. Call skb_reset_mac_header() in
>> ovpn_netdev_write() to ensure the MAC header points to the beginning of
>> the inner IP packet.
>
> May you elaborate on what this is exactly fixing?
> Did you encounter a bug triggered by this missing line?
>
> I am asking because I wonder what is "expected" as MAC header for a
> packet not having one at all (packets delivered to the ovpn interface
> are L3 only, as per the interface type itself).
For L3-only devices, the net core expects skb->mac_header ==
skb->network_header.
For example, in __netif_receive_skb_core(), skb_reset_mac_len() sets
skb->mac_len to (skb->network_header - skb->mac_header).
If skb->mac_header still has a stale value, this will incorrectly assign
a non-zero value to skb->mac_len.
Also, if generic XDP or SOCK_PACKET is used, either will do
skb_push(skb, skb->data - skb_mac_header(skb));
>
> Thanks!
>
> Regards,
>
>>
>> Reported-by: Minqiang Chen <ptpt52@gmail.com>
>> Fixes: 8534731dbf2d ("ovpn: implement packet processing")
>> Signed-off-by: Qingfang Deng <qingfang.deng@linux.dev>
>> ---
>> drivers/net/ovpn/io.c | 1 +
>> 1 file changed, 1 insertion(+)
>>
>> diff --git a/drivers/net/ovpn/io.c b/drivers/net/ovpn/io.c
>> index db43a1f8a07a..d92bb87be2b2 100644
>> --- a/drivers/net/ovpn/io.c
>> +++ b/drivers/net/ovpn/io.c
>> @@ -85,6 +85,7 @@ static void ovpn_netdev_write(struct ovpn_peer
>> *peer, struct sk_buff *skb)
>> skb_scrub_packet(skb, true);
>> /* network header reset in ovpn_decrypt_post() */
>> + skb_reset_mac_header(skb);
>> skb_reset_transport_header(skb);
>> skb_reset_inner_headers(skb);
>
+Cc: netdev
Regards,
Qingfang
parent reply other threads:[~2026-04-28 2:08 UTC|newest]
Thread overview: expand[flat|nested] mbox.gz Atom feed
[parent not found: <101221c8-8e47-4fc1-9791-2ef3a0ae8312@unstable.cc>]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=501fb5d6-3247-40aa-aaa5-ce9dacb17255@linux.dev \
--to=qingfang.deng@linux.dev \
--cc=a@unstable.cc \
--cc=netdev@vger.kernel.org \
--cc=openvpn-devel@lists.sourceforge.net \
--cc=ptpt52@gmail.com \
--cc=sd@queasysnail.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox