[XFRM]: Fix SNAT-related crash in xfrm4_output_finish
When a packet matching an IPsec policy is SNATed so it doesn't match any policy anymore it looses its xfrm bundle, which makes xfrm4_output_finish crash because of a NULL pointer dereference. This patch directs these packets to the original output path instead. Since the packets have already passed the POST_ROUTING hook, but need to start at the beginning of the original output path which includes another POST_ROUTING invocation, a flag is added to the IPCB to indicate that the packet was rerouted and doesn't need to pass the POST_ROUTING hook again. Signed-off-by:Patrick McHardy <kaber@trash.net> Signed-off-by:
Showing
- include/linux/netfilter.h 15 additions, 4 deletionsinclude/linux/netfilter.h
- include/net/ip.h 1 addition, 0 deletionsinclude/net/ip.h
- include/net/xfrm.h 0 additions, 1 deletioninclude/net/xfrm.h
- net/ipv4/ip_gre.c 2 additions, 1 deletionnet/ipv4/ip_gre.c
- net/ipv4/ip_output.c 10 additions, 6 deletionsnet/ipv4/ip_output.c
- net/ipv4/ipip.c 2 additions, 1 deletionnet/ipv4/ipip.c
- net/ipv4/xfrm4_output.c 10 additions, 3 deletionsnet/ipv4/xfrm4_output.c
Loading
Please register or sign in to comment