From 93af606ac8067c772c9585fbf0f64aa3dca64fed Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Wed, 28 Oct 2020 21:11:21 +0100 Subject: wireguard: queueing: orphan outgoing packets to clear sk_bound_dev_if If netfilter changes the packet mark, the packet is rerouted. As part of the rerouting, skb->sk->sk_bound_dev_if is consulted, per usual. But when wireguard encapsulates packets, it fails to clear skb->sk, resulting in a misrouting of the encapsulated packet, which should no longer have the association to sk_bound_dev_if. This commit calls skb_orphan in that case, just like what xfrmi does, so that skb->sk is NULL in the rerouted case. We also add a test case in order to catch regressions and demonstrate the bug. Reported-by: Chen Minqiang Signed-off-by: Jason A. Donenfeld --- drivers/net/wireguard/queueing.h | 1 + 1 file changed, 1 insertion(+) (limited to 'drivers/net/wireguard/queueing.h') diff --git a/drivers/net/wireguard/queueing.h b/drivers/net/wireguard/queueing.h index dfb674e..8e48031 100644 --- a/drivers/net/wireguard/queueing.h +++ b/drivers/net/wireguard/queueing.h @@ -85,6 +85,7 @@ static inline void wg_reset_packet(struct sk_buff *skb, bool encapsulating) skb->l4_hash = l4_hash; skb->sw_hash = sw_hash; skb->hash = hash; + skb_orphan(skb); } skb->queue_mapping = 0; skb->nohdr = 0; -- cgit v1.2.3