From: David Ahern <dsahern@gmail.com>
To: Wang Shanker <shankerwangmiao@gmail.com>, netdev@vger.kernel.org
Cc: Roopa Prabhu <roopa@cumulusnetworks.com>
Subject: Re: [PATCH] net/ipv4: swap flow ports when validating source
Date: Mon, 21 Jun 2021 19:23:45 -0600 [thread overview]
Message-ID: <a08932fe-789d-3b38-3d92-e00225a8cf9f@gmail.com> (raw)
In-Reply-To: <1B652E0A-2749-4B75-BC6D-2DAE2A4555A8@gmail.com>
On 6/21/21 9:17 AM, Wang Shanker wrote:
> When doing source address validation, the flowi4 struct used for
> fib_lookup should be in the reverse direction to the given skb.
> fl4_dport and fl4_sport returned by fib4_rules_early_flow_dissect
> should thus be swapped.
>
> Fixes: 5a847a6 ("net/ipv4: Initialize proto and ports in flow struct")
I believe the hash should be 12 chars: 5a847a6e1477
> Signed-off-by: Miao Wang <shankerwangmiao@gmail.com>
> ---
> net/ipv4/fib_frontend.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/net/ipv4/fib_frontend.c b/net/ipv4/fib_frontend.c
> index 84bb707bd88d..647bceab56c2 100644
> --- a/net/ipv4/fib_frontend.c
> +++ b/net/ipv4/fib_frontend.c
> @@ -371,6 +371,8 @@ static int __fib_validate_source(struct sk_buff *skb, __be32 src, __be32 dst,
> fl4.flowi4_proto = 0;
> fl4.fl4_sport = 0;
> fl4.fl4_dport = 0;
> + } else {
> + swap(fl4.fl4_sport, fl4.fl4_dport);
> }
>
> if (fib_lookup(net, &fl4, &res, 0))
>
Reviewed-by: David Ahern <dsahern@kernel.org>
next prev parent reply other threads:[~2021-06-22 1:23 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-06-21 15:17 [PATCH] net/ipv4: swap flow ports when validating source Wang Shanker
2021-06-22 1:23 ` David Ahern [this message]
2021-06-22 2:39 ` Miao Wang
2021-06-22 4:21 ` David Ahern
2021-06-22 4:24 ` [PATCH v2] " Miao Wang
2021-06-22 17:40 ` patchwork-bot+netdevbpf
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=a08932fe-789d-3b38-3d92-e00225a8cf9f@gmail.com \
--to=dsahern@gmail.com \
--cc=netdev@vger.kernel.org \
--cc=roopa@cumulusnetworks.com \
--cc=shankerwangmiao@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.