diff options
| author | David S. Miller <davem@davemloft.net> | 2015-08-29 13:07:55 -0700 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2015-08-29 13:07:55 -0700 |
| commit | 6d74232410a9f3ed0e1fc0f5e538598f21e93982 (patch) | |
| tree | 388c9e94c26bdd40875562a58b84a54213ca7ac7 /drivers | |
| parent | f6d3c19274c74ff17174df8078e0a14df003667f (diff) | |
| parent | a43a9ef6a2e510fec61176ff2c34fab3e7d581da (diff) | |
| download | linux-6d74232410a9f3ed0e1fc0f5e538598f21e93982.tar.bz2 | |
Merge branch 'tnl-ipv4-ipv6'
Jiri Benc says:
====================
tunnels: fix incorrect IPv4/v6 headers interpretation
With tunneling, it is currently possible to get an IPv6 header and interpret
it as an IPv4 header, or to interpret an IPv6 address as an IPv4 address
(and vice versa). This leads to things like sending packets to incorrect
address, IPv6 flow label being interpreted as IP packet length, etc.
Fix several places where this can happen.
Most of this is net-next only. The third patch affects net, too, but it
doesn't seem there's anything in user space that sets the attribute at all
currently, thus net-next is fine.
Changelog:
v2: fixed geneve after incorrect rebase on top of Pravin's patches
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'drivers')
| -rw-r--r-- | drivers/net/geneve.c | 4 | ||||
| -rw-r--r-- | drivers/net/vxlan.c | 5 |
2 files changed, 7 insertions, 2 deletions
diff --git a/drivers/net/geneve.c b/drivers/net/geneve.c index 4357bae732d7..3908a22f23d1 100644 --- a/drivers/net/geneve.c +++ b/drivers/net/geneve.c @@ -623,10 +623,12 @@ static netdev_tx_t geneve_xmit(struct sk_buff *skb, struct net_device *dev) if (geneve->collect_md) { info = skb_tunnel_info(skb); - if (unlikely(info && info->mode != IP_TUNNEL_INFO_TX)) { + if (unlikely(info && !(info->mode & IP_TUNNEL_INFO_TX))) { netdev_dbg(dev, "no tunnel metadata\n"); goto tx_error; } + if (info && ip_tunnel_info_af(info) != AF_INET) + goto tx_error; } rt = geneve_get_rt(skb, dev, &fl4, info); diff --git a/drivers/net/vxlan.c b/drivers/net/vxlan.c index 30e56cb58884..6c5269aea544 100644 --- a/drivers/net/vxlan.c +++ b/drivers/net/vxlan.c @@ -1903,6 +1903,8 @@ static void vxlan_xmit_one(struct sk_buff *skb, struct net_device *dev, dev->name); goto drop; } + if (family != ip_tunnel_info_af(info)) + goto drop; dst_port = info->key.tp_dst ? : vxlan->cfg.dst_port; vni = be64_to_cpu(info->key.tun_id); @@ -2113,7 +2115,7 @@ static netdev_tx_t vxlan_xmit(struct sk_buff *skb, struct net_device *dev) } if (vxlan->flags & VXLAN_F_COLLECT_METADATA && - info && info->mode == IP_TUNNEL_INFO_TX) { + info && info->mode & IP_TUNNEL_INFO_TX) { vxlan_xmit_one(skb, dev, NULL, false); return NETDEV_TX_OK; } @@ -2528,6 +2530,7 @@ static struct socket *vxlan_create_sock(struct net *net, bool ipv6, udp_conf.family = AF_INET6; udp_conf.use_udp6_rx_checksums = !(flags & VXLAN_F_UDP_ZERO_CSUM6_RX); + udp_conf.ipv6_v6only = 1; } else { udp_conf.family = AF_INET; } |