xfrm: Clear low order bits of ->flowi4_tos in decode_session4().

Commit 23e7b1bfed61 ("xfrm: Don't accidentally set RTO_ONLINK in decode_session4()") fixed a problem where decode_session4() could erroneously set the RTO_ONLINK flag for IPv4 route lookups. This problem was reintroduced when decode_session4() was modified to use the flow dissector. Fix this by clearing again the two low order bits of ->flowi4_tos. Found by code inspection, compile tested only. Fixes: 7a0207094f1b ("xfrm: policy: replace session decode with flow dissector") Signed-off-by: Guillaume Nault <gnault@redhat.com> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
author: Guillaume Nault <gnault@redhat.com> 2024-01-03 16:06:32 +0100
committer: Steffen Klassert <steffen.klassert@secunet.com> 2024-01-17 08:18:53 +0100
commit: 1982a2a02c9197436d4a8ea12f66bafab53f16a0 (patch)
tree: 7c91b01b2b7cdde4ced4465819875f19fc291986 /net/xfrm
parent: e327b2372bc0f18c30433ac40be07741b59231c5 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
index 1b7e75159727..7351f32052dc 100644
--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -3416,7 +3416,7 @@ decode_session4(const struct xfrm_flow_keys *flkeys, struct flowi *fl, bool reve
 	}
 
 	fl4->flowi4_proto = flkeys->basic.ip_proto;
-	fl4->flowi4_tos = flkeys->ip.tos;
+	fl4->flowi4_tos = flkeys->ip.tos & ~INET_ECN_MASK;
 }
 
 #if IS_ENABLED(CONFIG_IPV6)
author	Guillaume Nault <gnault@redhat.com>	2024-01-03 16:06:32 +0100
committer	Steffen Klassert <steffen.klassert@secunet.com>	2024-01-17 08:18:53 +0100
commit	1982a2a02c9197436d4a8ea12f66bafab53f16a0 (patch)
tree	7c91b01b2b7cdde4ced4465819875f19fc291986 /net/xfrm
parent	e327b2372bc0f18c30433ac40be07741b59231c5 (diff)