From: Sabrina Dubroca <s...@queasysnail.net>
Date: Fri, 3 Jul 2020 17:00:32 +0200
> IPv4 ping sockets don't set fl4.fl4_icmp_{type,code}, which leads to
> incomplete IPsec ACQUIRE messages being sent to userspace. Currently,
> both raw sockets and IPv6 ping sockets set those fields.
>
> Expected output of "ip xfrm monitor":
> acquire proto esp
> sel src 10.0.2.15/32 dst 8.8.8.8/32 proto icmp type 8 code 0 dev ens4
> policy src 10.0.2.15/32 dst 8.8.8.8/32
> <snip>
>
> Currently with ping sockets:
> acquire proto esp
> sel src 10.0.2.15/32 dst 8.8.8.8/32 proto icmp type 0 code 0 dev ens4
> policy src 10.0.2.15/32 dst 8.8.8.8/32
> <snip>
>
> The Libreswan test suite found this problem after Fedora changed the
> value for the sysctl net.ipv4.ping_group_range.
>
> Fixes: c319b4d76b9e ("net: ipv4: add IPPROTO_ICMP socket kind")
> Reported-by: Paul Wouters <pwout...@redhat.com>
> Tested-by: Paul Wouters <pwout...@redhat.com>
> Signed-off-by: Sabrina Dubroca <s...@queasysnail.net>
Applied and queued up for -stable, thank you.
