diff options
author | 2020-10-28 21:11:21 +0100 | |
---|---|---|
committer | 2020-10-28 21:11:21 +0100 | |
commit | 1a4c693f0ea9295a58b3c82b872ed966650531d9 (patch) | |
tree | cfd09587efde838cb5efb8204741fd019ef8f3c3 /arch/mips/kernel/octeon_switch.S | |
parent | net: protect tcf_block_unbind with block lock (diff) | |
download | wireguard-linux-jd/orphan-parallel.tar.xz wireguard-linux-jd/orphan-parallel.zip |
wireguard: queueing: orphan outgoing packets to clear sk_bound_dev_ifjd/orphan-parallel
If netfilter changes the packet mark, the packet is rerouted. As part of
the rerouting, skb->sk->sk_bound_dev_if is consulted, per usual. But
when wireguard encapsulates packets, it fails to clear skb->sk,
resulting in a misrouting of the encapsulated packet, which should no
longer have the association to sk_bound_dev_if. This commit calls
skb_orphan in that case, just like what xfrmi does, so that skb->sk is
NULL in the rerouted case. We also add a test case in order to catch
regressions and demonstrate the bug.
Reported-by: Chen Minqiang <ptpt52@gmail.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Diffstat (limited to 'arch/mips/kernel/octeon_switch.S')
0 files changed, 0 insertions, 0 deletions