This Linux kernel change "ipv4: ip_do_fragment: Preserve skb_iif during fragmentation" is included in the Linux 5.1 release. This change is authored by Shmulik Ladkani <shmulik [at] metanetworks.com> on Mon Apr 29 16:39:30 2019 +0300. The commit for this change in Linux stable tree is d2f0c96 (patch).
ipv4: ip_do_fragment: Preserve skb_iif during fragmentation Previously, during fragmentation after forwarding, skb->skb_iif isn't preserved, i.e. 'ip_copy_metadata' does not copy skb_iif from given 'from' skb. As a result, ip_do_fragment's creates fragments with zero skb_iif, leading to inconsistent behavior. Assume for example an eBPF program attached at tc egress (post forwarding) that examines __sk_buff->ingress_ifindex: - the correct iif is observed if forwarding path does not involve fragmentation/refragmentation - a bogus iif is observed if forwarding path involves fragmentation/refragmentatiom Fix, by preserving skb_iif during 'ip_copy_metadata'. Signed-off-by: Shmulik Ladkani <[email protected]> Signed-off-by: David S. Miller <[email protected]>
There is one line of Linux source code added/deleted in this change. Code changes to Linux kernel are as follows.
net/ipv4/ip_output.c | 1 + 1 file changed, 1 insertion(+) diff --git a/net/ipv4/ip_output.c b/net/ipv4/ip_output.c index c801888..e8bb2e8 100644 --- a/net/ipv4/ip_output.c +++ b/net/ipv4/ip_output.c @@ -519,6 +519,7 @@ static void ip_copy_metadata(struct sk_buff *to, struct sk_buff *from) to->pkt_type = from->pkt_type; to->priority = from->priority; to->protocol = from->protocol; + to->skb_iif = from->skb_iif; skb_dst_drop(to); skb_dst_copy(to, from); to->dev = from->dev;