Commit b8469721 authored by Eyal Birger's avatar Eyal Birger Committed by Steffen Klassert
Browse files

xfrm: respect ip protocols rules criteria when performing dst lookups 



The series in the "fixes" tag added the ability to consider L4 attributes
in routing rules.

The dst lookup on the outer packet of encapsulated traffic in the xfrm
code was not adapted to this change, thus routing behavior that relies
on L4 information is not respected.

Pass the ip protocol information when performing dst lookups.

Fixes: a25724b0 ("Merge branch 'fib_rules-support-sport-dport-and-proto-match'")
Signed-off-by: default avatarEyal Birger <eyal.birger@gmail.com>
Tested-by: default avatarAntony Antony <antony.antony@secunet.com>
Signed-off-by: default avatarSteffen Klassert <steffen.klassert@secunet.com>
parent e509996b

include/net/xfrm.h

+2 −0
Original line number Diff line number Diff line
@@ -356,6 +356,8 @@ struct xfrm_dst_lookup_params { 
	xfrm_address_t *saddr;

	xfrm_address_t *daddr;

	u32 mark;

	__u8 ipproto;

	union flowi_uli uli;

};



struct net_device;

net/ipv4/xfrm4_policy.c

+2 −0
Original line number Diff line number Diff line
@@ -30,6 +30,8 @@ static struct dst_entry *__xfrm4_dst_lookup(struct flowi4 *fl4, 
	fl4->flowi4_mark = params->mark;

	if (params->saddr)

		fl4->saddr = params->saddr->a4;

	fl4->flowi4_proto = params->ipproto;

	fl4->uli = params->uli;



	rt = __ip_route_output_key(params->net, fl4);

	if (!IS_ERR(rt))

net/ipv6/xfrm6_policy.c

+3 −0
Original line number Diff line number Diff line
@@ -37,6 +37,9 @@ static struct dst_entry *xfrm6_dst_lookup(const struct xfrm_dst_lookup_params *p 
	if (params->saddr)

		memcpy(&fl6.saddr, params->saddr, sizeof(fl6.saddr));



	fl6.flowi4_proto = params->ipproto;

	fl6.uli = params->uli;



	dst = ip6_route_output(params->net, NULL, &fl6);



	err = dst->error;

net/xfrm/xfrm_policy.c

+15 −0
Original line number Diff line number Diff line
@@ -315,6 +315,21 @@ static inline struct dst_entry *xfrm_dst_lookup(struct xfrm_state *x, 
	params.tos = tos;

	params.oif = oif;

	params.mark = mark;

	params.ipproto = x->id.proto;

	if (x->encap) {

		switch (x->encap->encap_type) {

		case UDP_ENCAP_ESPINUDP:

			params.ipproto = IPPROTO_UDP;

			params.uli.ports.sport = x->encap->encap_sport;

			params.uli.ports.dport = x->encap->encap_dport;

			break;

		case TCP_ENCAP_ESPINTCP:

			params.ipproto = IPPROTO_TCP;

			params.uli.ports.sport = x->encap->encap_sport;

			params.uli.ports.dport = x->encap->encap_dport;

			break;

		}

	}



	dst = __xfrm_dst_lookup(family, &params);