Message ID | 1356682036-25642-1-git-send-email-roy.qing.li@gmail.com |
---|---|
State | Not Applicable, archived |
Delegated to: | David Miller |

From: roy.qing.li@gmail.com
Date: Fri, 28 Dec 2012 16:07:16 +0800

> From: Li RongQing <roy.qing.li@gmail.com>
>
> IPsec tunnel does not set ECN field to CE in inner header when
> the ECN field in the outer header is CE, and the ECN field in
> the inner header is ECT(0) or ECT(1).
>
> The cause is ipip_hdr() does not return the correct address of
> inner header since skb->transport-header is not the inner header
> after esp_input_done2(), or ah_input().
>
> Signed-off-by: Li RongQing <roy.qing.li@gmail.com>

Likewise I'll leave this to Steffen.

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html

On Fri, Dec 28, 2012 at 04:07:16PM +0800, roy.qing.li@gmail.com wrote:
> From: Li RongQing <roy.qing.li@gmail.com>
>
> IPsec tunnel does not set ECN field to CE in inner header when
> the ECN field in the outer header is CE, and the ECN field in
> the inner header is ECT(0) or ECT(1).
>
> The cause is ipip_hdr() does not return the correct address of
> inner header since skb->transport-header is not the inner header
> after esp_input_done2(), or ah_input().
>
> Signed-off-by: Li RongQing <roy.qing.li@gmail.com>
> ---
> I know this bug, but no lab to verify if my patch is correct,
> hope netdev experts can inspect this patch carefully, if this
> can be accepted, I will do same fix for ah6/esp6

This looks ok to me, please submit the ipv6 side too.

Thanks!

On Fri, Dec 28, 2012 at 04:07:16PM +0800, roy.qing.li@gmail.com wrote:
> From: Li RongQing <roy.qing.li@gmail.com>
>
> IPsec tunnel does not set ECN field to CE in inner header when
> the ECN field in the outer header is CE, and the ECN field in
> the inner header is ECT(0) or ECT(1).
>
> The cause is ipip_hdr() does not return the correct address of
> inner header since skb->transport-header is not the inner header
> after esp_input_done2(), or ah_input().
>
> Signed-off-by: Li RongQing <roy.qing.li@gmail.com>

Applied.

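
The failure described in the commit message can be reproduced in a small userspace model. This is an added example, not code from the patch or the kernel; the buffer layout, the sizes, and the names `set_ce` and `inner_ecn_after_decap` are assumptions. With the transport header left at `-ihl`, the CE mark is applied to bytes ahead of the inner header, so an inner ECT(0) comes out unchanged.

```c
#include <stdint.h>

enum { ECN_NOT_ECT = 0, ECN_ECT1 = 1, ECN_ECT0 = 2, ECN_CE = 3, ECN_MASK = 3 };

/* RFC 1071 sum over a 20-byte IPv4 header; returns 0 when the header is valid. */
static uint16_t ip_csum(const uint8_t *h)
{
    uint32_t s = 0;
    for (int i = 0; i < 20; i += 2)
        s += (uint32_t)h[i] << 8 | h[i + 1];
    while (s >> 16)
        s = (s & 0xffff) + (s >> 16);
    return (uint16_t)~s;
}

static void fix_csum(uint8_t *h)
{
    h[10] = h[11] = 0;
    uint16_t c = ip_csum(h);
    h[10] = (uint8_t)(c >> 8); h[11] = (uint8_t)c;
}

/* Mark CE only on an ECT(0)/ECT(1) header, keeping its checksum valid. */
static void set_ce(uint8_t *h)
{
    uint8_t ecn = h[1] & ECN_MASK;
    if (ecn == ECN_ECT0 || ecn == ECN_ECT1) {
        h[1] |= ECN_CE;
        fix_csum(h);
    }
}

/* Inner ECN bits after decapsulating an outer-CE packet; -1 on a bad checksum.
 * Constructed model: buf = [ESP header + IV, HLEN bytes][inner IPv4 header]. */
int inner_ecn_after_decap(int reset_transport_header, uint8_t inner_ecn)
{
    enum { HLEN = 24, IHL = 20 };            /* assumed sizes */
    uint8_t buf[64] = {0}, *inner = buf + HLEN;
    inner[0] = 0x45; inner[1] = inner_ecn; inner[3] = IHL;
    inner[8] = 64;   inner[9] = 6;           /* TTL, protocol */
    fix_csum(inner);
    int data = HLEN;                         /* after __skb_pull(skb, hlen) */
    int transport = reset_transport_header
        ? data                               /* skb_reset_transport_header() */
        : data - IHL;                        /* skb_set_transport_header(skb, -ihl) */
    set_ce(buf + transport);                 /* the header ipip_hdr() would return */
    return ip_csum(inner) == 0 ? (inner[1] & ECN_MASK) : -1;
}

int main(void) { return inner_ecn_after_decap(1, ECN_ECT0) == ECN_CE ? 0 : 1; }
```
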
diff --git a/net/ipv4/ah4.c b/net/ipv4/ah4.c index a0d8392..a154d0a 100644 --- a/net/ipv4/ah4.c +++ b/net/ipv4/ah4.c @@ -269,7 +269,11 @@ static void ah_input_done(struct crypto_async_request *base, int err) skb->network_header += ah_hlen; memcpy(skb_network_header(skb), work_iph, ihl); __skb_pull(skb, ah_hlen + ihl); - skb_set_transport_header(skb, -ihl); + + if (x->props.mode == XFRM_MODE_TUNNEL) + skb_reset_transport_header(skb); + else + skb_set_transport_header(skb, -ihl); out: kfree(AH_SKB_CB(skb)->tmp); xfrm_input_resume(skb, err); @@ -381,7 +385,10 @@ static int ah_input(struct xfrm_state *x, struct sk_buff *skb) skb->network_header += ah_hlen; memcpy(skb_network_header(skb), work_iph, ihl); __skb_pull(skb, ah_hlen + ihl); - skb_set_transport_header(skb, -ihl); + if (x->props.mode == XFRM_MODE_TUNNEL) + skb_reset_transport_header(skb); + else + skb_set_transport_header(skb, -ihl); err = nexthdr; diff --git a/net/ipv4/esp4.c b/net/ipv4/esp4.c index b61e9de..fd26ff4 100644 --- a/net/ipv4/esp4.c +++ b/net/ipv4/esp4.c @@ -346,7 +346,10 @@ static int esp_input_done2(struct sk_buff *skb, int err) pskb_trim(skb, skb->len - alen - padlen - 2); __skb_pull(skb, hlen); - skb_set_transport_header(skb, -ihl); + if (x->props.mode == XFRM_MODE_TUNNEL) + skb_reset_transport_header(skb); + else + skb_set_transport_header(skb, -ihl); err = nexthdr[1];
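
Review bot: in the first ah4.c hunk, the new branch in ah_input_done() reads x->props.mode, but the function takes only base and err and the visible context never shows x being assigned; please confirm x is the xfrm_state for this skb in the async completion path before it is dereferenced. This hunk also adds a blank line before the if that the other two hunks do not, so drop it for consistency.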
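
Review bot: the if/else added in ah_input() (second ah4.c hunk) is the same four lines that also go into ah_input_done() and esp_input_done2(); a small shared helper taking x, skb and ihl would keep the tunnel-mode and transport-mode cases from drifting apart across the three call sites.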
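
Review bot: in the esp4.c hunk, nothing in esp_input_done2() says why tunnel mode resets the transport header while transport mode keeps -ihl; the reason (ipip_hdr() must return the inner header so an outer CE mark reaches it) lives only in the commit message. A one-line comment above the if would stop a later cleanup from folding the two branches back together.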