From: Greg KH <gregkh@linuxfoundation.org>
To: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Cc: stable@vger.kernel.org, Paolo Abeni <pabeni@redhat.com>
Subject: Re: [PATCH 6.1.y] ipv{4,6}/raw: fix output xfrm lookup wrt protocol
Date: Thu, 1 Jun 2023 10:30:21 +0100
Message-ID: <2023060146-rewrap-vigorous-807a@gregkh>
In-Reply-To: <20230530163312.2550994-1-nicolas.dichtel@6wind.com>

On Tue, May 30, 2023 at 06:33:12PM +0200, Nicolas Dichtel wrote:
> With a raw socket bound to IPPROTO_RAW (i.e. with hdrincl enabled), the
> protocol field of the flow structure, built by raw_sendmsg() /
> rawv6_sendmsg(), is set to IPPROTO_RAW. This breaks the ipsec policy
> lookup when some policies are defined with a protocol in the selector.
>
> For ipv6, the sin6_port field from 'struct sockaddr_in6' could be used to
> specify the protocol. Just accept all values for IPPROTO_RAW socket.
>
> For ipv4, the sin_port field of 'struct sockaddr_in' could not be used
> without breaking backward compatibility (the value of this field was never
> checked). Let's add a new kind of control message, so that the userland
> could specify which protocol is used.
>
> Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
> CC: stable@vger.kernel.org
> Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
> Link: https://lore.kernel.org/r/20230522120820.1319391-1-nicolas.dichtel@6wind.com
> Signed-off-by: Paolo Abeni <pabeni@redhat.com>
> (cherry picked from commit 3632679d9e4f879f49949bb5b050e0de553e4739)
> Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
> ---
>
> I include the IP_LOCAL_PORT_RANGE define in the backport, to avoid having a hole.
> I can resubmit without this if needed.

No, this is great, thanks!

> This patch can be applied on 5.15, 5.10, 5.4 and 4.19 stable trees also.

Now queued up there, but not to 6.1.y as Sasha took the prereq commit
instead and the original.

thanks,

greg k-h