summaryrefslogtreecommitdiff
path: root/net
diff options
context:
space:
mode:
authorThomas Egerer <thomas.egerer@secunet.com>2015-07-27 10:50:19 +0200
committerSteffen Klassert <steffen.klassert@secunet.com>2015-08-11 12:41:34 +0200
commiteae8dee992af622fd992cb2370cd596ac80ef141 (patch)
tree4ca6b7ccfd2daf53b25670f7643d6bbb91993053 /net
parent07a51cd3794960548627a27aae68c1446341db32 (diff)
xfrm6: Fix IPv6 ECN decapsulation
Using ipv6_get_dsfield on the outer IP header implies that inner and outer header are of the the same address family. For interfamily tunnels, particularly 646, the code reading the DSCP field obtains the wrong values (IHL and the upper four bits of the DSCP field). This can cause the code to detect a congestion encoutered state in the outer header and enable the corresponding bits in the inner header, too. Since the DSCP field is stored in the xfrm mode common buffer independently from the IP version of the outer header, it's safe (and correct) to take this value from there. Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Diffstat (limited to 'net')
-rw-r--r--net/ipv6/xfrm6_mode_tunnel.c3
1 files changed, 1 insertions, 2 deletions
diff --git a/net/ipv6/xfrm6_mode_tunnel.c b/net/ipv6/xfrm6_mode_tunnel.c
index 901ef6f8addc..f7fbdbabe50e 100644
--- a/net/ipv6/xfrm6_mode_tunnel.c
+++ b/net/ipv6/xfrm6_mode_tunnel.c
@@ -20,10 +20,9 @@
static inline void ipip6_ecn_decapsulate(struct sk_buff *skb)
{
- const struct ipv6hdr *outer_iph = ipv6_hdr(skb);
struct ipv6hdr *inner_iph = ipipv6_hdr(skb);
- if (INET_ECN_is_ce(ipv6_get_dsfield(outer_iph)))
+ if (INET_ECN_is_ce(XFRM_MODE_SKB_CB(skb)->tos))
IP6_ECN_set_ce(inner_iph);
}