diff options
| author |   Tobias Brunner <tobias@strongswan.org> | 2024-03-15 15:35:40 +0100 |
|---|---|---|
| committer |   Paolo Abeni <pabeni@redhat.com> | 2024-03-19 13:45:58 +0100 |
| commit | c9b3b81716c5b92132a6c1d4ac3c48a7b44082ab (patch) | |
| tree | f572f04fb1be382da505db78077782f702f4e2a2 | |
| parent | hsr: Handle failures in module init (diff) | |
| download | wireguard-linux-c9b3b81716c5b92132a6c1d4ac3c48a7b44082ab.tar.xz wireguard-linux-c9b3b81716c5b92132a6c1d4ac3c48a7b44082ab.zip | |
ipv4: raw: Fix sending packets from raw sockets via IPsec tunnels
Since the referenced commit, the xfrm_inner_extract_output() function
uses the protocol field to determine the address family. So not setting
it for IPv4 raw sockets meant that such packets couldn't be tunneled via
IPsec anymore.
IPv6 raw sockets are not affected as they already set the protocol since
9c9c9ad5fae7 ("ipv6: set skb->protocol on tcp, raw and ip6_append_data
genereated skbs").
Fixes: f4796398f21b ("xfrm: Remove inner/outer modes from output path")
Signed-off-by: Tobias Brunner <tobias@strongswan.org>
Reviewed-by: David Ahern <dsahern@kernel.org>
Reviewed-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Link: https://lore.kernel.org/r/c5d9a947-eb19-4164-ac99-468ea814ce20@strongswan.org
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
| -rw-r--r-- | net/ipv4/raw.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/net/ipv4/raw.c b/net/ipv4/raw.c index 12b3740393ba..dcb11f22cbf2 100644 --- a/net/ipv4/raw.c +++ b/net/ipv4/raw.c @@ -357,6 +357,7 @@ static int raw_send_hdrinc(struct sock *sk, struct flowi4 *fl4, goto error; skb_reserve(skb, hlen); + skb->protocol = htons(ETH_P_IP); skb->priority = READ_ONCE(sk->sk_priority); skb->mark = sockc->mark; skb->tstamp = sockc->transmit_time; |