Blame - target/linux/generic/backport-5.4/080-wireguard-0096-wireguard-receive-use-tunnel-helpers-for-decapsulati.patch - T108

blob: a72358c30206e01bc4f46e56530c859671a001b6 [file] [log] [blame]

b.liu	e958203	2025-04-17 19:18:16 +0800	[diff] [blame]	1	From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
				2	From: =?UTF-8?q?Toke=20H=C3=B8iland-J=C3=B8rgensen?= <toke@redhat.com>
				3	Date: Wed, 29 Apr 2020 14:59:22 -0600
				4	Subject: [PATCH] wireguard: receive: use tunnel helpers for decapsulating ECN
				5	markings
				6	MIME-Version: 1.0
				7	Content-Type: text/plain; charset=UTF-8
				8	Content-Transfer-Encoding: 8bit
				9
				10	commit eebabcb26ea1e3295704477c6cd4e772c96a9559 upstream.
				11
				12	WireGuard currently only propagates ECN markings on tunnel decap according
				13	to the old RFC3168 specification. However, the spec has since been updated
				14	in RFC6040 to recommend slightly different decapsulation semantics. This
				15	was implemented in the kernel as a set of common helpers for ECN
				16	decapsulation, so let's just switch over WireGuard to using those, so it
				17	can benefit from this enhancement and any future tweaks. We do not drop
				18	packets with invalid ECN marking combinations, because WireGuard is
				19	frequently used to work around broken ISPs, which could be doing that.
				20
				21	Fixes: e7096c131e51 ("net: WireGuard secure network tunnel")
				22	Reported-by: Olivier Tilmans <olivier.tilmans@nokia-bell-labs.com>
				23	Cc: Dave Taht <dave.taht@gmail.com>
				24	Cc: Rodney W. Grimes <ietf@gndrsh.dnsmgr.net>
				25	Signed-off-by: Toke Høiland-Jørgensen <toke@redhat.com>
				26	Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
				27	Signed-off-by: David S. Miller <davem@davemloft.net>
				28	Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
				29	---
				30	drivers/net/wireguard/receive.c \| 6 ++----
				31	1 file changed, 2 insertions(+), 4 deletions(-)
				32
				33	--- a/drivers/net/wireguard/receive.c
				34	+++ b/drivers/net/wireguard/receive.c
				35	@@ -393,13 +393,11 @@ static void wg_packet_consume_data_done(
				36	len = ntohs(ip_hdr(skb)->tot_len);
				37	if (unlikely(len < sizeof(struct iphdr)))
				38	goto dishonest_packet_size;
				39	- if (INET_ECN_is_ce(PACKET_CB(skb)->ds))
				40	- IP_ECN_set_ce(ip_hdr(skb));
				41	+ INET_ECN_decapsulate(skb, PACKET_CB(skb)->ds, ip_hdr(skb)->tos);
				42	} else if (skb->protocol == htons(ETH_P_IPV6)) {
				43	len = ntohs(ipv6_hdr(skb)->payload_len) +
				44	sizeof(struct ipv6hdr);
				45	- if (INET_ECN_is_ce(PACKET_CB(skb)->ds))
				46	- IP6_ECN_set_ce(skb, ipv6_hdr(skb));
				47	+ INET_ECN_decapsulate(skb, PACKET_CB(skb)->ds, ipv6_get_dsfield(ipv6_hdr(skb)));
				48	} else {
				49	goto dishonest_packet_type;
				50	}