xfrm: Fix eth_hdr(skb)->h_proto to reflect inner IP version

IPSec tunnel mode supports encapsulation of IPv4 over IPv6 and vice-versa. The outer IP header is stripped and the inner IP inherits the original Ethernet header. Tcpdump fails to properly decode the inner packet in case that h_proto is different than the inner IP version. Fix h_proto to reflect the inner IP version. Signed-off-by: Yossi Kuperman <yossiku@mellanox.com> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
author: Yossi Kuperman <yossiku@mellanox.com> 2018-01-22 17:16:21 -0500
committer: Steffen Klassert <steffen.klassert@secunet.com> 2018-01-23 04:56:36 -0500
commit: 5efec5c655dd31944af440ff2b0a93facc4a7762 (patch)
tree: 577ea2660c599eab1175b2e743ee147623c727b5 /net
parent: aa5dd6fa6f5d4bdc82a67e952bba8ad2e98d77e2 (diff)
2 files changed, 2 insertions, 0 deletions
diff --git a/net/ipv4/xfrm4_mode_tunnel.c b/net/ipv4/xfrm4_mode_tunnel.c
index e6265e2c274e..20ca486b3cad 100644
--- a/net/ipv4/xfrm4_mode_tunnel.c
+++ b/net/ipv4/xfrm4_mode_tunnel.c
@@ -92,6 +92,7 @@ static int xfrm4_mode_tunnel_input(struct xfrm_state *x, struct sk_buff *skb)
        skb_reset_network_header(skb);
        skb_mac_header_rebuild(skb);
+        eth_hdr(skb)->h_proto = skb->protocol;
        err = 0;
diff --git a/net/ipv6/xfrm6_mode_tunnel.c b/net/ipv6/xfrm6_mode_tunnel.c
index 02556e356f87..dc93002ff9d1 100644
--- a/net/ipv6/xfrm6_mode_tunnel.c
+++ b/net/ipv6/xfrm6_mode_tunnel.c
@@ -92,6 +92,7 @@ static int xfrm6_mode_tunnel_input(struct xfrm_state *x, struct sk_buff *skb)
        skb_reset_network_header(skb);
        skb_mac_header_rebuild(skb);
+        eth_hdr(skb)->h_proto = skb->protocol;
        err = 0;
author	Yossi Kuperman <yossiku@mellanox.com>	2018-01-22 17:16:21 -0500
committer	Steffen Klassert <steffen.klassert@secunet.com>	2018-01-23 04:56:36 -0500
commit	5efec5c655dd31944af440ff2b0a93facc4a7762 (patch)
tree	577ea2660c599eab1175b2e743ee147623c727b5 /net
parent	aa5dd6fa6f5d4bdc82a67e952bba8ad2e98d77e2 (diff)