[PATCH 1/2] gre: fix hard header destination address checking

netdev.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: Timo Teras <timo.teras@iki.fi>
To: netdev@vger.kernel.org
Cc: Timo Teras <timo.teras@iki.fi>
Subject: [PATCH 1/2] gre: fix hard header destination address checking
Date: Wed,  3 Mar 2010 16:01:13 +0200	[thread overview]
Message-ID: <1267624874-22326-1-git-send-email-timo.teras@iki.fi> (raw)

ipgre_header() can be called with zero daddr when the gre device is
configured as multipoint tunnel and still has the NOARP flag set (which is
typically cleared by the userspace arp daemon).  If the NOARP packets are
not dropped, ipgre_tunnel_xmit() will take rt->rt_gateway (= NBMA IP) and
use that for route look up (and may lead to bogus xfrm acquires).

The multicast address check is removed as sending to multicast group should
be ok.  In fact, if gre device has a multicast address as destination
ipgre_header is always called with multicast address.

Signed-off-by: Timo Teras <timo.teras@iki.fi>
---
 net/ipv4/ip_gre.c |    7 ++-----
 1 files changed, 2 insertions(+), 5 deletions(-)

diff --git a/net/ipv4/ip_gre.c b/net/ipv4/ip_gre.c
index c0c5274..f47c9f7 100644
--- a/net/ipv4/ip_gre.c
+++ b/net/ipv4/ip_gre.c
@@ -1144,12 +1144,9 @@ static int ipgre_header(struct sk_buff *skb, struct net_device *dev,

 	if (saddr)
 		memcpy(&iph->saddr, saddr, 4);
-
-	if (daddr) {
+	if (daddr)
 		memcpy(&iph->daddr, daddr, 4);
-		return t->hlen;
-	}
-	if (iph->daddr && !ipv4_is_multicast(iph->daddr))
+	if (iph->daddr)
 		return t->hlen;

 	return -t->hlen;
-- 
1.6.3.3

next             reply	other threads:[~2010-03-03 14:01 UTC|newest]

Thread overview: 9+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2010-03-03 14:01 Timo Teras [this message]
2010-03-03 14:01 ` [PATCH 2/2] ipv4: flush ARP entries on device change Timo Teras
2010-03-03 14:06   ` Patrick McHardy
2010-03-03 14:20     ` Timo Teräs
2010-03-03 14:33       ` Patrick McHardy
2010-03-03 14:39         ` Timo Teräs
2010-03-03 14:44           ` Patrick McHardy
2010-03-04 11:15             ` Timo Teräs
2010-03-04  8:41 ` [PATCH 1/2] gre: fix hard header destination address checking David Miller

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:c0c5274 dfblob:f47c9f7 )
 OR (
bs:"[PATCH 1/2] gre: fix hard header destination address checking" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1267624874-22326-1-git-send-email-timo.teras@iki.fi \
    --to=timo.teras@iki.fi \
    --cc=netdev@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).