xfrm: fix bug with DSCP copy to v6 from v4 tunnel
[ Upstream commit6028da3f12] When copying the DSCP bits for decap-dscp into IPv6 don't assume the outer encap is always IPv6. Instead, as with the inner IPv4 case, copy the DSCP bits from the correctly saved "tos" value in the control block. Fixes:227620e295("[IPSEC]: Separate inner/outer mode processing on input") Signed-off-by: Christian Hopps <chopps@chopps.org> Acked-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> Signed-off-by: Sasha Levin <sashal@kernel.org>
This commit is contained in:
Christian Hopps
Greg Kroah-Hartman
Родитель
6fe1ad42af
Коммит
fb022d7b1c
|
|
@ -278,8 +278,7 @@ static int xfrm6_remove_tunnel_encap(struct xfrm_state *x, struct sk_buff *skb)
|
||||||
goto out;
|
goto out;
|
||||||
|
|
||||||
if (x->props.flags & XFRM_STATE_DECAP_DSCP)
|
if (x->props.flags & XFRM_STATE_DECAP_DSCP)
|
||||||
ipv6_copy_dscp(ipv6_get_dsfield(ipv6_hdr(skb)),
|
ipv6_copy_dscp(XFRM_MODE_SKB_CB(skb)->tos, ipipv6_hdr(skb));
|
||||||
ipipv6_hdr(skb));
|
|
||||||
if (!(x->props.flags & XFRM_STATE_NOECN))
|
if (!(x->props.flags & XFRM_STATE_NOECN))
|
||||||
ipip6_ecn_decapsulate(skb);
|
ipip6_ecn_decapsulate(skb);
|
||||||
|
|
||||||
|
|
|
||||||
Загрузка…
Ссылка в новой задаче