Commit bc1c4a19 authored Jan 14, 2019 by Benedict Wong Committed by Maciej Żenczykowski Feb 05, 2019

UPSTREAM: xfrm: Make set-mark default behavior backward compatible

Fixes 9b42c1f1, which changed the default route lookup behavior for
tunnel mode SAs in the outbound direction to use the skb mark, whereas
previously mark=0 was used if the output mark was unspecified. In
mark-based routing schemes such as Android’s, this change in default
behavior causes routing loops or lookup failures.

This patch restores the default behavior of using a 0 mark while still
incorporating the skb mark if the SET_MARK (and SET_MARK_MASK) is
specified.

Tested with additions to Android's kernel unit test suite:
https://android-review.googlesource.com/c/kernel/tests/+/860150



Fixes: 9b42c1f1 ("xfrm: Extend the output_mark to support input direction and masking")
Signed-off-by: Benedict Wong <benedictwong@google.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
(cherry picked from commit e2612cd496e7b465711d219ea6118893d7253f52)
Bug: 122236988
Test: Passes kernel tests
Change-Id: I1289b5b7b1eb93c6d99a0ba7d28e24c3eb25883d
Signed-off-by: Benedict Wong <benedictwong@google.com>

parent f6499efb

net/xfrm/xfrm_policy.c

+4 −1

Original line number	Diff line number	Diff line
		@@ -1628,7 +1628,10 @@ static struct dst_entry xfrm_bundle_create(struct xfrm_policy policy,
		dst_copy_metrics(dst1, dst);

		if (xfrm[i]->props.mode != XFRM_MODE_TRANSPORT) {
		__u32 mark = xfrm_smark_get(fl->flowi_mark, xfrm[i]);
		__u32 mark = 0;

		if (xfrm[i]->props.smark.v \|\| xfrm[i]->props.smark.m)
		mark = xfrm_smark_get(fl->flowi_mark, xfrm[i]);

		family = xfrm[i]->props.family;
		dst = xfrm_dst_lookup(xfrm[i], tos, fl->flowi_oif,