[PATCH 10/15] ip_vti: receive ipip packet by calling ip_tunnel_rcv

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Steffen Klassert <steffen.klassert@secunet.com>
To: David Miller <davem@davemloft.net>
Cc: Herbert Xu <herbert@gondor.apana.org.au>,
	Steffen Klassert <steffen.klassert@secunet.com>,
	<netdev@vger.kernel.org>
Subject: [PATCH 10/15] ip_vti: receive ipip packet by calling ip_tunnel_rcv
Date: Fri, 29 May 2020 13:04:03 +0200	[thread overview]
Message-ID: <20200529110408.6349-11-steffen.klassert@secunet.com> (raw)
In-Reply-To: <20200529110408.6349-1-steffen.klassert@secunet.com>

From: Xin Long <lucien.xin@gmail.com>

In Commit dd9ee3444014 ("vti4: Fix a ipip packet processing bug in
'IPCOMP' virtual tunnel"), it tries to receive IPIP packets in vti
by calling xfrm_input(). This case happens when a small packet or
frag sent by peer is too small to get compressed.

However, xfrm_input() will still get to the IPCOMP path where skb
sec_path is set, but never dropped while it should have been done
in vti_ipcomp4_protocol.cb_handler(vti_rcv_cb), as it's not an
ipcomp4 packet. This will cause that the packet can never pass
xfrm4_policy_check() in the upper protocol rcv functions.

So this patch is to call ip_tunnel_rcv() to process IPIP packets
instead.

Fixes: dd9ee3444014 ("vti4: Fix a ipip packet processing bug in 'IPCOMP' virtual tunnel")
Reported-by: Xiumei Mu <xmu@redhat.com>
Signed-off-by: Xin Long <lucien.xin@gmail.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
---
 net/ipv4/ip_vti.c | 23 ++++++++++++++++++++++-
 1 file changed, 22 insertions(+), 1 deletion(-)

diff --git a/net/ipv4/ip_vti.c b/net/ipv4/ip_vti.c
index 1b4e6f298648..1dda7c155c48 100644
--- a/net/ipv4/ip_vti.c
+++ b/net/ipv4/ip_vti.c
@@ -93,7 +93,28 @@ static int vti_rcv_proto(struct sk_buff *skb)
 
 static int vti_rcv_tunnel(struct sk_buff *skb)
 {
-	return vti_rcv(skb, ip_hdr(skb)->saddr, true);
+	struct ip_tunnel_net *itn = net_generic(dev_net(skb->dev), vti_net_id);
+	const struct iphdr *iph = ip_hdr(skb);
+	struct ip_tunnel *tunnel;
+
+	tunnel = ip_tunnel_lookup(itn, skb->dev->ifindex, TUNNEL_NO_KEY,
+				  iph->saddr, iph->daddr, 0);
+	if (tunnel) {
+		struct tnl_ptk_info tpi = {
+			.proto = htons(ETH_P_IP),
+		};
+
+		if (!xfrm4_policy_check(NULL, XFRM_POLICY_IN, skb))
+			goto drop;
+		if (iptunnel_pull_header(skb, 0, tpi.proto, false))
+			goto drop;
+		return ip_tunnel_rcv(tunnel, skb, &tpi, NULL, false);
+	}
+
+	return -EINVAL;
+drop:
+	kfree_skb(skb);
+	return 0;
 }
 
 static int vti_rcv_cb(struct sk_buff *skb, int err)
-- 
2.17.1

next prev parent reply	other threads:[~2020-05-29 11:10 UTC|newest]

Thread overview: 17+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-05-29 11:03 pull request (net): ipsec 2020-05-29 Steffen Klassert
2020-05-29 11:03 ` [PATCH 01/15] xfrm: allow to accept packets with ipv6 NEXTHDR_HOP in xfrm_input Steffen Klassert
2020-05-29 11:03 ` [PATCH 02/15] xfrm: do pskb_pull properly in __xfrm_transport_prep Steffen Klassert
2020-05-29 11:03 ` [PATCH 03/15] esp6: get the right proto for transport mode in esp6_gso_encap Steffen Klassert
2020-05-29 11:03 ` [PATCH 04/15] xfrm: remove the xfrm_state_put call becofe going to out_reset Steffen Klassert
2020-05-29 11:03 ` [PATCH 05/15] xfrm: fix error in comment Steffen Klassert
2020-05-29 11:03 ` [PATCH 06/15] xfrm: espintcp: save and call old ->sk_destruct Steffen Klassert
2020-05-29 11:04 ` [PATCH 07/15] esp6: support ipv6 nexthdrs process for beet gso segment Steffen Klassert
2020-05-29 11:04 ` [PATCH 08/15] esp4: " Steffen Klassert
2020-05-29 11:04 ` [PATCH 09/15] xfrm: call xfrm_output_gso when inner_protocol is set in xfrm_output Steffen Klassert
2020-05-29 11:04 ` Steffen Klassert [this message]
2020-05-29 11:04 ` [PATCH 11/15] xfrm interface: fix oops when deleting a x-netns interface Steffen Klassert
2020-05-29 11:04 ` [PATCH 12/15] esp6: calculate transport_header correctly when sel.family != AF_INET6 Steffen Klassert
2020-05-29 11:04 ` [PATCH 13/15] esp4: improve xfrm4_beet_gso_segment() to be more readable Steffen Klassert
2020-05-29 11:04 ` [PATCH 14/15] xfrm: fix a warning in xfrm_policy_insert_list Steffen Klassert
2020-05-29 11:04 ` [PATCH 15/15] xfrm: fix a NULL-ptr deref in xfrm_local_error Steffen Klassert
2020-05-29 20:06 ` pull request (net): ipsec 2020-05-29 David Miller

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:1b4e6f29864 dfblob:1dda7c155c4 )
 OR (
bs:"[PATCH 10/15] ip_vti: receive ipip packet by calling ip_tunnel_rcv" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20200529110408.6349-11-steffen.klassert@secunet.com \
    --to=steffen.klassert@secunet.com \
    --cc=davem@davemloft.net \
    --cc=herbert@gondor.apana.org.au \
    --cc=netdev@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.