From: Laika Price <[email protected]> iptunnel_pmtud_build_icmp(...) and iptunnel_pmtud_build_icmpv6(...) take in an sk_buff, modify it to create a PMTU ICMP error reply, and return it. As part of these modifications, the source/destination ethernet and IP addresses are swapped around which makes the sk_buff's current dst invalid.
If the stale dst is left, the packet can skip input routing and be forwarded using the original output device. This was observed when sending packets to a VXLAN over a WireGuard tunnel - the ICMP reply was generated but it was sent over the VXLAN instead of to the WireGuard tunnel. Drop the stale dst after building the PMTU reply so that the packet is routed using its new headers when it is reinjected. Signed-off-by: Laika Price <[email protected]> --- net/ipv4/ip_tunnel_core.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/net/ipv4/ip_tunnel_core.c b/net/ipv4/ip_tunnel_core.c index d3c677e9b..949150e43 100644 --- a/net/ipv4/ip_tunnel_core.c +++ b/net/ipv4/ip_tunnel_core.c @@ -267,6 +267,7 @@ static int iptunnel_pmtud_build_icmp(struct sk_buff *skb, int mtu) eth_header(skb, skb->dev, ntohs(eh.h_proto), eh.h_source, eh.h_dest, 0); skb_reset_mac_header(skb); + skb_dst_drop(skb); return skb->len; } @@ -370,6 +371,7 @@ static int iptunnel_pmtud_build_icmpv6(struct sk_buff *skb, int mtu) eth_header(skb, skb->dev, ntohs(eh.h_proto), eh.h_source, eh.h_dest, 0); skb_reset_mac_header(skb); + skb_dst_drop(skb); return skb->len; } -- 2.54.0
