xfrm: Fix local error reporting crash with interfamily tunnels

We set the outer mode protocol too early. As a result, the local error handler might dispatch to the wrong address family and report the error to a wrong socket type. We fix this by setting the outer protocol to the skb after we accessed the inner mode for the last time, right before we do the atcual encapsulation where we switch finally to the outer mode. Reported-by: Chris Ruehl <chris.ruehl@gtsys.com.hk> Tested-by: Chris Ruehl <chris.ruehl@gtsys.com.hk> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
author: Steffen Klassert <steffen.klassert@secunet.com> 2015-01-12 07:38:49 -0500
committer: Steffen Klassert <steffen.klassert@secunet.com> 2015-02-09 05:14:17 -0500
commit: 044a832a7779c0638bea2d0fea901c055b995f4a (patch)
tree: dede82b9efbd76456e5cc88723763330f29539a5 /net/ipv6
parent: cd3bafc73d11eb51cb2d3691629718431e1768ce (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/net/ipv6/xfrm6_output.c b/net/ipv6/xfrm6_output.c
index ca3f29b98ae5..010f8bd2d577 100644
--- a/net/ipv6/xfrm6_output.c
+++ b/net/ipv6/xfrm6_output.c
@@ -114,6 +114,7 @@ int xfrm6_prepare_output(struct xfrm_state *x, struct sk_buff *skb)
                return err;
        skb->ignore_df = 1;
+        skb->protocol = htons(ETH_P_IPV6);
        return x->outer_mode->output2(x, skb);
 }
@@ -122,7 +123,6 @@ EXPORT_SYMBOL(xfrm6_prepare_output);
 int xfrm6_output_finish(struct sk_buff *skb)
 {
        memset(IP6CB(skb), 0, sizeof(*IP6CB(skb)));
-        skb->protocol = htons(ETH_P_IPV6);
 #ifdef CONFIG_NETFILTER
        IP6CB(skb)->flags |= IP6SKB_XFRM_TRANSFORMED;
author	Steffen Klassert <steffen.klassert@secunet.com>	2015-01-12 07:38:49 -0500
committer	Steffen Klassert <steffen.klassert@secunet.com>	2015-02-09 05:14:17 -0500
commit	044a832a7779c0638bea2d0fea901c055b995f4a (patch)
tree	dede82b9efbd76456e5cc88723763330f29539a5 /net/ipv6
parent	cd3bafc73d11eb51cb2d3691629718431e1768ce (diff)