diff options
| author |   Jason A. Donenfeld <Jason@zx2c4.com> | 2020-10-28 21:11:21 +0100 |
|---|---|---|
| committer | Jason A. Donenfeld <Jason@zx2c4.com> | 2020-10-28 21:11:21 +0100 |
| commit | 1a4c693f0ea9295a58b3c82b872ed966650531d9 (patch) | |
| tree | cfd09587efde838cb5efb8204741fd019ef8f3c3 /drivers/net/wireguard/queueing.h | |
| parent | net: protect tcf_block_unbind with block lock (diff) | |
| download | wireguard-linux-jd/orphan-parallel.tar.xz wireguard-linux-jd/orphan-parallel.zip | |
wireguard: queueing: orphan outgoing packets to clear sk_bound_dev_ifjd/orphan-parallel
If netfilter changes the packet mark, the packet is rerouted. As part of
the rerouting, skb->sk->sk_bound_dev_if is consulted, per usual. But
when wireguard encapsulates packets, it fails to clear skb->sk,
resulting in a misrouting of the encapsulated packet, which should no
longer have the association to sk_bound_dev_if. This commit calls
skb_orphan in that case, just like what xfrmi does, so that skb->sk is
NULL in the rerouted case. We also add a test case in order to catch
regressions and demonstrate the bug.
Reported-by: Chen Minqiang <ptpt52@gmail.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Diffstat (limited to '')
| -rw-r--r-- | drivers/net/wireguard/queueing.h | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/drivers/net/wireguard/queueing.h b/drivers/net/wireguard/queueing.h index dfb674e03076..8e48031ba5cf 100644 --- a/drivers/net/wireguard/queueing.h +++ b/drivers/net/wireguard/queueing.h @@ -85,6 +85,7 @@ static inline void wg_reset_packet(struct sk_buff *skb, bool encapsulating) skb->l4_hash = l4_hash; skb->sw_hash = sw_hash; skb->hash = hash; + skb_orphan(skb); } skb->queue_mapping = 0; skb->nohdr = 0; |