From: David Ahern dsahern@gmail.com
[ Upstream commit 16b9db1ce34ff00d6c18e82825125cfef0cdfb13 ]
To avoid a loop with qdiscs and xfrms, check if the skb has already gone through the qdisc attached to the VRF device and then to the xfrm layer. If so, no need for a second redirect.
Fixes: 193125dbd8eb ("net: Introduce VRF device driver") Reported-by: Trev Larock trev@larock.ca Signed-off-by: David Ahern dsahern@gmail.com Signed-off-by: David S. Miller davem@davemloft.net Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org --- drivers/net/vrf.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-)
--- a/drivers/net/vrf.c +++ b/drivers/net/vrf.c @@ -474,7 +474,8 @@ static struct sk_buff *vrf_ip6_out(struc if (rt6_need_strict(&ipv6_hdr(skb)->daddr)) return skb;
- if (qdisc_tx_is_default(vrf_dev)) + if (qdisc_tx_is_default(vrf_dev) || + IP6CB(skb)->flags & IP6SKB_XFRM_TRANSFORMED) return vrf_ip6_out_direct(vrf_dev, sk, skb);
return vrf_ip6_out_redirect(vrf_dev, skb); @@ -686,7 +687,8 @@ static struct sk_buff *vrf_ip_out(struct ipv4_is_lbcast(ip_hdr(skb)->daddr)) return skb;
- if (qdisc_tx_is_default(vrf_dev)) + if (qdisc_tx_is_default(vrf_dev) || + IPCB(skb)->flags & IPSKB_XFRM_TRANSFORMED) return vrf_ip_out_direct(vrf_dev, sk, skb);
return vrf_ip_out_redirect(vrf_dev, skb);