diff options
author | Yossi Kuperman <yossiku@mellanox.com> | 2018-01-23 00:16:21 +0200 |
---|---|---|
committer | Steffen Klassert <steffen.klassert@secunet.com> | 2018-01-23 10:56:36 +0100 |
commit | 5efec5c655dd31944af440ff2b0a93facc4a7762 (patch) | |
tree | 577ea2660c599eab1175b2e743ee147623c727b5 /net | |
parent | aa5dd6fa6f5d4bdc82a67e952bba8ad2e98d77e2 (diff) | |
download | linux-stable-5efec5c655dd31944af440ff2b0a93facc4a7762.tar.gz linux-stable-5efec5c655dd31944af440ff2b0a93facc4a7762.tar.bz2 linux-stable-5efec5c655dd31944af440ff2b0a93facc4a7762.zip |
xfrm: Fix eth_hdr(skb)->h_proto to reflect inner IP version
IPSec tunnel mode supports encapsulation of IPv4 over IPv6 and vice-versa.
The outer IP header is stripped and the inner IP inherits the original
Ethernet header. Tcpdump fails to properly decode the inner packet in
case that h_proto is different than the inner IP version.
Fix h_proto to reflect the inner IP version.
Signed-off-by: Yossi Kuperman <yossiku@mellanox.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Diffstat (limited to 'net')
-rw-r--r-- | net/ipv4/xfrm4_mode_tunnel.c | 1 | ||||
-rw-r--r-- | net/ipv6/xfrm6_mode_tunnel.c | 1 |
2 files changed, 2 insertions, 0 deletions
diff --git a/net/ipv4/xfrm4_mode_tunnel.c b/net/ipv4/xfrm4_mode_tunnel.c index e6265e2c274e..20ca486b3cad 100644 --- a/net/ipv4/xfrm4_mode_tunnel.c +++ b/net/ipv4/xfrm4_mode_tunnel.c @@ -92,6 +92,7 @@ static int xfrm4_mode_tunnel_input(struct xfrm_state *x, struct sk_buff *skb) skb_reset_network_header(skb); skb_mac_header_rebuild(skb); + eth_hdr(skb)->h_proto = skb->protocol; err = 0; diff --git a/net/ipv6/xfrm6_mode_tunnel.c b/net/ipv6/xfrm6_mode_tunnel.c index 02556e356f87..dc93002ff9d1 100644 --- a/net/ipv6/xfrm6_mode_tunnel.c +++ b/net/ipv6/xfrm6_mode_tunnel.c @@ -92,6 +92,7 @@ static int xfrm6_mode_tunnel_input(struct xfrm_state *x, struct sk_buff *skb) skb_reset_network_header(skb); skb_mac_header_rebuild(skb); + eth_hdr(skb)->h_proto = skb->protocol; err = 0; |