Commit 595da751 authored by Antony Antony, committed by Jakub Kicinski

icmp: fix ICMP error source address when xfrm policy matches



When an IPsec gateway generates an ICMP error (e.g., Destination Host
Unreachable), the source address incorrectly shows the unreachable
destination instead of the gateway's address. IPv6 behaves correctly.

Before fix:
  ping 10.1.6.3
  From 10.1.6.3 icmp_seq=1 Destination Host Unreachable
  (wrong - 10.1.6.3 is the unreachable host)

After fix:
  ping 10.1.6.3
  From 10.1.5.2 icmp_seq=1 Destination Host Unreachable
  (correct - 10.1.5.2 is the gateway)

The fix removes the memcpy that overwrote fl4 with fl4_dec after
xfrm_lookup(). A follow-up commit adds a selftest.

Fixes: 415b3334 ("icmp: Fix regression in nexthop resolution during replies.")
Cc: stable+noautosel@kernel.org # Avoid false positives in tests
Signed-off-by: Antony Antony <antony.antony@secunet.com>
Acked-by: Tobias Brunner <tobias@strongswan.org>
Reviewed-by: David Ahern <dsahern@kernel.org>
Link: https://patch.msgid.link/19a0156ff6e76baa323a81d710510d399a6ff63a.1772101380.git.antony.antony@secunet.com


Signed-off-by: Jakub Kicinski <kuba@kernel.org>
parent d578b472
+0 −1
@@ -591,7 +591,6 @@ static struct rtable *icmp_route_lookup(struct net *net, struct flowi4 *fl4,
	rt2 = dst_rtable(dst2);
	if (!IS_ERR(dst2)) {
		dst_release(&rt->dst);
		memcpy(fl4, &fl4_dec, sizeof(*fl4));
		rt = rt2;
	} else if (PTR_ERR(dst2) == -EPERM) {
		if (rt)
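
Review bot: In the `!IS_ERR(dst2)` branch, dropping `memcpy(fl4, &fl4_dec, sizeof(*fl4));` leaves `rt = rt2` replacing the route while the `fl4` the caller passed in keeps its original contents, and nothing in the code says that this mismatch is intended. A short comment above `rt = rt2;` stating that fl4 is deliberately not overwritten with fl4_dec, so that the ICMP error keeps the gateway's source address as described in the commit message, would stop a later cleanup from reintroducing the copy. Since `fl4` is a pointer parameter of icmp_route_lookup(), it is also worth confirming in the changelog that no caller depends on it matching the flow of the returned route after this branch.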