review.tizen.org Git - platform/kernel/linux-rpi.git/commit

xfrm: reset transport header back to network header after all input transforms ahave been applied

[ Upstream commit bfc0698bebcb16d19ecfc89574ad4d696955e5d3 ]

A policy may have been set up with multiple transforms (e.g., ESP
and ipcomp). In this situation, the ingress IPsec processing
iterates in xfrm_input() and applies each transform in turn,
processing the nexthdr to find any additional xfrm that may apply.

This patch resets the transport header back to network header
only after the last transformation so that subsequent xfrms
can find the correct transport header.

Fixes: 7785bba299a8 ("esp: Add a software GRO codepath")
Suggested-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Sowmini Varadhan <sowmini.varadhan@oracle.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>

author	Sowmini Varadhan <sowmini.varadhan@oracle.com>
	Mon, 3 Sep 2018 11:36:52 +0000 (04:36 -0700)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Sun, 4 Nov 2018 13:52:37 +0000 (14:52 +0100)
commit	a95d9004fbdedebb2e2550352808f0e8b1b0ae79
tree	bcb0a8d1f8e50c45466695f5f22ee984716ac88f	tree \| snapshot
parent	2a55e64d5c5e98e425f7eafd2c480440b4aa78c2	commit \| diff

net/ipv4/xfrm4_input.c		diff \| blob \| history
net/ipv4/xfrm4_mode_transport.c		diff \| blob \| history
net/ipv6/xfrm6_input.c		diff \| blob \| history
net/ipv6/xfrm6_mode_transport.c		diff \| blob \| history