Received: by 2002:ac0:98c7:0:0:0:0:0 with SMTP id g7-v6csp2461402imd;
        Fri, 2 Nov 2018 11:48:54 -0700 (PDT)
X-Google-Smtp-Source: AJdET5f3exFXdN2xvWsKc6iy3mC5C+MwvLmVtTpozsD4wuss1q3MOMlpgN/VHarF9R9W648IaGtt
X-Received: by 2002:a62:5210:: with SMTP id g16-v6mr12782669pfb.256.1541184534680;
        Fri, 02 Nov 2018 11:48:54 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1541184534; cv=none;
        d=google.com; s=arc-20160816;
        b=KdOPauCW3sYuuOchw5fdSqHQHvfwezF5+ErRR2FHGHQC5Ed8l2/tmNaeXB9Mj12jdZ
         Rr2rQioZwUcsbiFkTRlwbbh3Zt1SJAp+m/8jwvyNRttUSxL5VDXdHN9Gk4VigMBY8UXB
         ToB8Sf1ALfA8Oy6tgy2TWqRAma4HYWNPcO8+by6kU2k8sGBOb0c8fjNuM4ET8mJM8iFU
         Ghi5s409kT9afztn9idrVUcX/oM+c9EvHzbtl1I/sdKGmUzO8TRX0mrd+ofRMBr4icSP
         gVJP02nI6Kl1RW/FMv6bYaDHzi8ujegI+rgqtQVrpa5/6IPY0L26HpLs+RsFuqvAgKMH
         6ZCg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding:mime-version
         :user-agent:references:in-reply-to:message-id:date:subject:cc:to
         :from:dkim-signature;
        bh=XQAsginNmBy51EkQiMFblasiI1X2Zg+/V9YhdvrumZc=;
        b=GbU9vihpFlfTZkObRp/AhQyy/1EZRQzKeVtPVwGww2G+1vQK4LGiJAsozdIUHo+xgN
         56NeaLxws6mdebcEoILyghmMLO+3P4epe7rX2e0c52NdoS68AbK/8p06k9oCRnORhdRu
         PHmHYcLubfr9vPOGpCJwYhuWu4icCen8RNh6KiyNoKVb4IEiJYdC5X971LDbKvpi9/hk
         b/mp0PTNOpvIxiOx33DyXcMy8s5HsAD2wYamII0T0+Yd0Dj4GHVkniKO5+An7m0YN+6l
         RzpN6dcgxB2GPctT1wZwPslE5yoc1HKosyn4Ojvye0WwZLgfyhKv2uMp57kI0VeCyyMi
         HAIQ==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@kernel.org header.s=default header.b=jpn4qxud;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id 134-v6si35017272pfu.273.2018.11.02.11.48.40;
        Fri, 02 Nov 2018 11:48:54 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@kernel.org header.s=default header.b=jpn4qxud;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1729761AbeKCDyz (ORCPT <rfc822;stevepeted@gmail.com>
        + 99 others); Fri, 2 Nov 2018 23:54:55 -0400
Received: from mail.kernel.org ([198.145.29.99]:50854 "EHLO mail.kernel.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1729000AbeKCDyz (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 2 Nov 2018 23:54:55 -0400
Received: from localhost (5356596B.cm-6-7b.dynamic.ziggo.nl [83.86.89.107])
        (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
        (No client certificate requested)
        by mail.kernel.org (Postfix) with ESMTPSA id BBAD620837;
        Fri,  2 Nov 2018 18:46:40 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
        s=default; t=1541184401;
        bh=/8OwurWux3Erhbt4REnxnyNEPAot1DYUKC8DTFpBAiQ=;
        h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
        b=jpn4qxudsVNSZ2MMTnaRqxym+abUvEQn+lcYXG4zlmuibMs2Yetw81ZMNt9oytM9F
         u06ibSn/PIy/RbSsgBj1M0TgJSLjUZiUCOwVBsA4Biq1H6nAmj/KrW6wa9l1o02JN8
         CC2M70HvEhdDMPtK0iLfAO0HQl+SWFCh7VDRRP7M=
From:   Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To:     linux-kernel@vger.kernel.org
Cc:     Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        stable@vger.kernel.org, Stefano Brivio <sbrivio@redhat.com>,
        "David S. Miller" <davem@davemloft.net>
Subject: [PATCH 4.18 124/150] ip6_tunnel: Fix encapsulation layout
Date:   Fri,  2 Nov 2018 19:34:46 +0100
Message-Id: <20181102182911.546443387@linuxfoundation.org>
X-Mailer: git-send-email 2.19.1
In-Reply-To: <20181102182902.250560510@linuxfoundation.org>
References: <20181102182902.250560510@linuxfoundation.org>
User-Agent: quilt/0.65
X-stable: review
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Stefano Brivio <sbrivio@redhat.com>

[ Upstream commit d4d576f5ab7edcb757bb33e6a5600666a0b1232d ]

Commit 058214a4d1df ("ip6_tun: Add infrastructure for doing
encapsulation") added the ip6_tnl_encap() call in ip6_tnl_xmit(), before
the call to ipv6_push_frag_opts() to append the IPv6 Tunnel Encapsulation
Limit option (option 4, RFC 2473, par. 5.1) to the outer IPv6 header.

As long as the option didn't actually end up in generated packets, this
wasn't an issue. Then commit 89a23c8b528b ("ip6_tunnel: Fix missing tunnel
encapsulation limit option") fixed sending of this option, and the
resulting layout, e.g. for FoU, is:

.-------------------.------------.----------.-------------------.----- - -
| Outer IPv6 Header | UDP header | Option 4 | Inner IPv6 Header | Payload
'-------------------'------------'----------'-------------------'----- - -

Needless to say, FoU and GUE (at least) won't work over IPv6. The option
is appended by default, and I couldn't find a way to disable it with the
current iproute2.

Turn this into a more reasonable:

.-------------------.----------.------------.-------------------.----- - -
| Outer IPv6 Header | Option 4 | UDP header | Inner IPv6 Header | Payload
'-------------------'----------'------------'-------------------'----- - -

With this, and with 84dad55951b0 ("udp6: fix encap return code for
resubmitting"), FoU and GUE work again over IPv6.

Fixes: 058214a4d1df ("ip6_tun: Add infrastructure for doing encapsulation")
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 net/ipv6/ip6_tunnel.c |    9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

--- a/net/ipv6/ip6_tunnel.c
+++ b/net/ipv6/ip6_tunnel.c
@@ -1184,10 +1184,6 @@ route_lookup:
 	}
 	skb_dst_set(skb, dst);
 
-	if (encap_limit >= 0) {
-		init_tel_txopt(&opt, encap_limit);
-		ipv6_push_frag_opts(skb, &opt.ops, &proto);
-	}
 	hop_limit = hop_limit ? : ip6_dst_hoplimit(dst);
 
 	/* Calculate max headroom for all the headers and adjust
@@ -1202,6 +1198,11 @@ route_lookup:
 	if (err)
 		return err;
 
+	if (encap_limit >= 0) {
+		init_tel_txopt(&opt, encap_limit);
+		ipv6_push_frag_opts(skb, &opt.ops, &proto);
+	}
+
 	skb_push(skb, sizeof(struct ipv6hdr));
 	skb_reset_network_header(skb);
 	ipv6h = ipv6_hdr(skb);