From 8f6d8d4f0842ac77c48a3bcb7b8edb95ee9ea925 Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Fri, 9 Dec 2016 16:53:41 +0100
Subject: [PATCH] 4.4-stable patches

added patches:
	esp4-fix-integrity-verification-when-esn-are-used.patch
	esp6-fix-integrity-verification-when-esn-are-used.patch
	ipv4-set-skb-protocol-properly-for-local-output.patch
	ipv6-set-skb-protocol-properly-for-local-output.patch
---
 ...grity-verification-when-esn-are-used.patch | 33 ++++++++++++++++
 ...grity-verification-when-esn-are-used.patch | 33 ++++++++++++++++
 ...b-protocol-properly-for-local-output.patch | 39 +++++++++++++++++++
 ...b-protocol-properly-for-local-output.patch | 38 ++++++++++++++++++
 queue-4.4/series                              |  4 ++
 5 files changed, 147 insertions(+)
 create mode 100644 queue-4.4/esp4-fix-integrity-verification-when-esn-are-used.patch
 create mode 100644 queue-4.4/esp6-fix-integrity-verification-when-esn-are-used.patch
 create mode 100644 queue-4.4/ipv4-set-skb-protocol-properly-for-local-output.patch
 create mode 100644 queue-4.4/ipv6-set-skb-protocol-properly-for-local-output.patch

diff --git a/queue-4.4/esp4-fix-integrity-verification-when-esn-are-used.patch b/queue-4.4/esp4-fix-integrity-verification-when-esn-are-used.patch
new file mode 100644
index 00000000000..49f4bc68a46
--- /dev/null
+++ b/queue-4.4/esp4-fix-integrity-verification-when-esn-are-used.patch
@@ -0,0 +1,33 @@
+From 7c7fedd51c02f4418e8b2eed64bdab601f882aa4 Mon Sep 17 00:00:00 2001
+From: Tobias Brunner <tobias@strongswan.org>
+Date: Tue, 29 Nov 2016 17:05:20 +0100
+Subject: esp4: Fix integrity verification when ESN are used
+
+From: Tobias Brunner <tobias@strongswan.org>
+
+commit 7c7fedd51c02f4418e8b2eed64bdab601f882aa4 upstream.
+
+When handling inbound packets, the two halves of the sequence number
+stored on the skb are already in network order.
+
+Fixes: 7021b2e1cddd ("esp4: Switch to new AEAD interface")
+Signed-off-by: Tobias Brunner <tobias@strongswan.org>
+Acked-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ net/ipv4/esp4.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/net/ipv4/esp4.c
++++ b/net/ipv4/esp4.c
+@@ -476,7 +476,7 @@ static int esp_input(struct xfrm_state *
+ 		esph = (void *)skb_push(skb, 4);
+ 		*seqhi = esph->spi;
+ 		esph->spi = esph->seq_no;
+-		esph->seq_no = htonl(XFRM_SKB_CB(skb)->seq.input.hi);
++		esph->seq_no = XFRM_SKB_CB(skb)->seq.input.hi;
+ 		aead_request_set_callback(req, 0, esp_input_done_esn, skb);
+ 	}
+ 
diff --git a/queue-4.4/esp6-fix-integrity-verification-when-esn-are-used.patch b/queue-4.4/esp6-fix-integrity-verification-when-esn-are-used.patch
new file mode 100644
index 00000000000..632cb3d6264
--- /dev/null
+++ b/queue-4.4/esp6-fix-integrity-verification-when-esn-are-used.patch
@@ -0,0 +1,33 @@
+From a55e23864d381c5a4ef110df94b00b2fe121a70d Mon Sep 17 00:00:00 2001
+From: Tobias Brunner <tobias@strongswan.org>
+Date: Tue, 29 Nov 2016 17:05:25 +0100
+Subject: esp6: Fix integrity verification when ESN are used
+
+From: Tobias Brunner <tobias@strongswan.org>
+
+commit a55e23864d381c5a4ef110df94b00b2fe121a70d upstream.
+
+When handling inbound packets, the two halves of the sequence number
+stored on the skb are already in network order.
+
+Fixes: 000ae7b2690e ("esp6: Switch to new AEAD interface")
+Signed-off-by: Tobias Brunner <tobias@strongswan.org>
+Acked-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ net/ipv6/esp6.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/net/ipv6/esp6.c
++++ b/net/ipv6/esp6.c
+@@ -418,7 +418,7 @@ static int esp6_input(struct xfrm_state
+ 		esph = (void *)skb_push(skb, 4);
+ 		*seqhi = esph->spi;
+ 		esph->spi = esph->seq_no;
+-		esph->seq_no = htonl(XFRM_SKB_CB(skb)->seq.input.hi);
++		esph->seq_no = XFRM_SKB_CB(skb)->seq.input.hi;
+ 		aead_request_set_callback(req, 0, esp_input_done_esn, skb);
+ 	}
+ 
diff --git a/queue-4.4/ipv4-set-skb-protocol-properly-for-local-output.patch b/queue-4.4/ipv4-set-skb-protocol-properly-for-local-output.patch
new file mode 100644
index 00000000000..8ebf5709204
--- /dev/null
+++ b/queue-4.4/ipv4-set-skb-protocol-properly-for-local-output.patch
@@ -0,0 +1,39 @@
+From f4180439109aa720774baafdd798b3234ab1a0d2 Mon Sep 17 00:00:00 2001
+From: Eli Cooper <elicooper@gmx.com>
+Date: Thu, 1 Dec 2016 10:05:10 +0800
+Subject: ipv4: Set skb->protocol properly for local output
+
+From: Eli Cooper <elicooper@gmx.com>
+
+commit f4180439109aa720774baafdd798b3234ab1a0d2 upstream.
+
+When xfrm is applied to TSO/GSO packets, it follows this path:
+
+    xfrm_output() -> xfrm_output_gso() -> skb_gso_segment()
+
+where skb_gso_segment() relies on skb->protocol to function properly.
+
+This patch sets skb->protocol to ETH_P_IP before dst_output() is called,
+fixing a bug where GSO packets sent through a sit tunnel are dropped
+when xfrm is involved.
+
+Signed-off-by: Eli Cooper <elicooper@gmx.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ net/ipv4/ip_output.c |    3 +++
+ 1 file changed, 3 insertions(+)
+
+--- a/net/ipv4/ip_output.c
++++ b/net/ipv4/ip_output.c
+@@ -102,6 +102,9 @@ int __ip_local_out(struct net *net, stru
+ 
+ 	iph->tot_len = htons(skb->len);
+ 	ip_send_check(iph);
++
++	skb->protocol = htons(ETH_P_IP);
++
+ 	return nf_hook(NFPROTO_IPV4, NF_INET_LOCAL_OUT,
+ 		       net, sk, skb, NULL, skb_dst(skb)->dev,
+ 		       dst_output);
diff --git a/queue-4.4/ipv6-set-skb-protocol-properly-for-local-output.patch b/queue-4.4/ipv6-set-skb-protocol-properly-for-local-output.patch
new file mode 100644
index 00000000000..5cff552d0f7
--- /dev/null
+++ b/queue-4.4/ipv6-set-skb-protocol-properly-for-local-output.patch
@@ -0,0 +1,38 @@
+From b4e479a96fc398ccf83bb1cffb4ffef8631beaf1 Mon Sep 17 00:00:00 2001
+From: Eli Cooper <elicooper@gmx.com>
+Date: Thu, 1 Dec 2016 10:05:11 +0800
+Subject: ipv6: Set skb->protocol properly for local output
+
+From: Eli Cooper <elicooper@gmx.com>
+
+commit b4e479a96fc398ccf83bb1cffb4ffef8631beaf1 upstream.
+
+When xfrm is applied to TSO/GSO packets, it follows this path:
+
+    xfrm_output() -> xfrm_output_gso() -> skb_gso_segment()
+
+where skb_gso_segment() relies on skb->protocol to function properly.
+
+This patch sets skb->protocol to ETH_P_IPV6 before dst_output() is called,
+fixing a bug where GSO packets sent through an ipip6 tunnel are dropped
+when xfrm is involved.
+
+Signed-off-by: Eli Cooper <elicooper@gmx.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ net/ipv6/output_core.c |    2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/net/ipv6/output_core.c
++++ b/net/ipv6/output_core.c
+@@ -148,6 +148,8 @@ int __ip6_local_out(struct net *net, str
+ 	ipv6_hdr(skb)->payload_len = htons(len);
+ 	IP6CB(skb)->nhoff = offsetof(struct ipv6hdr, nexthdr);
+ 
++	skb->protocol = htons(ETH_P_IPV6);
++
+ 	return nf_hook(NFPROTO_IPV6, NF_INET_LOCAL_OUT,
+ 		       net, sk, skb, NULL, skb_dst(skb)->dev,
+ 		       dst_output);
diff --git a/queue-4.4/series b/queue-4.4/series
index 5921de3c5b1..09e6f3520db 100644
--- a/queue-4.4/series
+++ b/queue-4.4/series
@@ -22,3 +22,7 @@ sparc64-fix-find_node-warning-if-numa-node-cannot-be-found.patch
 sparc64-fix-compile-warning-section-mismatch-in-find_node.patch
 don-t-feed-anything-but-regular-iovec-s-to-blk_rq_map_user_iov.patch
 constify-iov_iter_count-and-iter_is_iovec.patch
+ipv6-set-skb-protocol-properly-for-local-output.patch
+ipv4-set-skb-protocol-properly-for-local-output.patch
+esp4-fix-integrity-verification-when-esn-are-used.patch
+esp6-fix-integrity-verification-when-esn-are-used.patch
-- 
2.47.3