git.ipfire.org Git - thirdparty/kernel/linux.git/commitdiff
icmp: fix ICMP error source address when xfrm policy matches
author Antony Antony <antony.antony@secunet.com>
Thu, 26 Feb 2026 10:27:51 +0000 (11:27 +0100)
committer Jakub Kicinski <kuba@kernel.org>
Sat, 28 Feb 2026 23:08:15 +0000 (15:08 -0800)
When an IPsec gateway generates an ICMP error (e.g., Destination Host
Unreachable), the source address incorrectly shows the unreachable
destination instead of the gateway's address. IPv6 behaves correctly.

Before fix:
  ping 10.1.6.3
  From 10.1.6.3 icmp_seq=1 Destination Host Unreachable
  (wrong - 10.1.6.3 is the unreachable host)

After fix:
  ping 10.1.6.3
  From 10.1.5.2 icmp_seq=1 Destination Host Unreachable
  (correct - 10.1.5.2 is the gateway)

The fix removes the memcpy that overwrote fl4 with fl4_dec after
xfrm_lookup(). A follow-up commit adds a selftest.

Fixes: 415b3334a21a ("icmp: Fix regression in nexthop resolution during replies.")
Cc: stable+noautosel@kernel.org # Avoid false positives in tests
Signed-off-by: Antony Antony <antony.antony@secunet.com>
Acked-by: Tobias Brunner <tobias@strongswan.org>
Reviewed-by: David Ahern <dsahern@kernel.org>
Link: https://patch.msgid.link/19a0156ff6e76baa323a81d710510d399a6ff63a.1772101380.git.antony.antony@secunet.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
net/ipv4/icmp.c

index 1cf9e391aa0cc18e5d3ef4b6569207ae1ec0e43e..ac6d2ffc1963f1a7650faee8f054a51c05071d4a 100644 (file)
@@ -591,7 +591,6 @@ static struct rtable *icmp_route_lookup(struct net *net, struct flowi4 *fl4,
        rt2 = dst_rtable(dst2);
        if (!IS_ERR(dst2)) {
                dst_release(&rt->dst);
-               memcpy(fl4, &fl4_dec, sizeof(*fl4));
                rt = rt2;
        } else if (PTR_ERR(dst2) == -EPERM) {
                if (rt)
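
Review bot: in the `!IS_ERR(dst2)` branch, a short comment above `rt = rt2;` is needed to say that `*fl4` is deliberately left as the caller's original flow. With the `memcpy(fl4, &fl4_dec, sizeof(*fl4));` line gone, the function returns `rt2` while `fl4` no longer carries the `fl4_dec` values, so the route and the flow key can differ. Without a comment, a later cleanup could reintroduce the copy to "resync" them and bring back the wrong source address described in the commit message. Since the selftest is deferred to a follow-up commit, it would also help to reference that commit here once it exists, so the behaviour change is not left without coverage.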