From: "Timo Teräs" <timo.teras@iki.fi>
To: David Miller <davem@davemloft.net>, netdev@vger.kernel.org
Cc: "Timo Teräs" <timo.teras@iki.fi>,
"Tom Herbert" <therbert@google.com>,
"Eric Dumazet" <edumazet@google.com>
Subject: [PATCH net,v2] ipv4: ip_tunnels: disable cache for nbma gre tunnels
Date: Fri, 16 May 2014 08:34:39 +0300 [thread overview]
Message-ID: <1400218479-10166-1-git-send-email-timo.teras@iki.fi> (raw)
In-Reply-To: <20140515.232905.995406666776115109.davem@davemloft.net>
The connected check fails to check for ip_gre nbma mode tunnels
properly. ip_gre creates temporary tnl_params with daddr specified
to pass-in the actual target on per-packet basis from neighbor
layer. Detect these tunnels by inspecting the actual tunnel
configuration.
Minimal test case:
ip route add 192.168.1.1/32 via 10.0.0.1
ip route add 192.168.1.2/32 via 10.0.0.2
ip tunnel add nbma0 mode gre key 1 tos c0
ip addr add 172.17.0.0/16 dev nbma0
ip link set nbma0 up
ip neigh add 172.17.0.1 lladdr 192.168.1.1 dev nbma0
ip neigh add 172.17.0.2 lladdr 192.168.1.2 dev nbma0
ping 172.17.0.1
ping 172.17.0.2
The second ping should be going to 192.168.1.2 and head 10.0.0.2;
but cached gre tunnel level route is used and it's actually going
to 192.168.1.1 via 10.0.0.1.
The lladdr's need to go to separate dst for the bug to trigger.
Test case uses separate route entries, but this can also happen
when the route entry is same: if there is a nexthop exception or
the GRE tunnel is IPsec'ed in which case the dst points to xfrm
bundle unique to the gre lladdr.
Fixes: 7d442fab0a67 ("ipv4: Cache dst in tunnels")
Signed-off-by: Timo Teräs <timo.teras@iki.fi>
Cc: Tom Herbert <therbert@google.com>
Cc: Eric Dumazet <edumazet@google.com>
---
Should go to 3.14-stable too.
net/ipv4/ip_tunnel.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/net/ipv4/ip_tunnel.c b/net/ipv4/ip_tunnel.c
index e77381d..4eb9196 100644
--- a/net/ipv4/ip_tunnel.c
+++ b/net/ipv4/ip_tunnel.c
@@ -538,9 +538,10 @@ void ip_tunnel_xmit(struct sk_buff *skb, struct net_device *dev,
unsigned int max_headroom; /* The extra header space needed */
__be32 dst;
int err;
- bool connected = true;
+ bool connected;
inner_iph = (const struct iphdr *)skb_inner_network_header(skb);
+ connected = (tunnel->parms.iph.daddr != 0);
dst = tnl_params->daddr;
if (dst == 0) {
--
1.9.3
next prev parent reply other threads:[~2014-05-16 5:34 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-01-02 19:48 [PATCH 1/2 v3] ipv4: Cache dst in tunnels Tom Herbert
2014-04-24 12:16 ` [1/2,v3] " Timo Teras
2014-05-15 8:35 ` [PATCH] ipv4: ip_tunnels: disable dst cache for nbma gre tunnels Timo Teräs
2014-05-15 17:35 ` Timo Teras
2014-05-16 3:29 ` David Miller
2014-05-16 5:34 ` Timo Teräs [this message]
2014-05-16 20:59 ` [PATCH net,v2] ipv4: ip_tunnels: disable " David Miller
2014-05-16 3:28 ` [PATCH] ipv4: ip_tunnels: disable dst " David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1400218479-10166-1-git-send-email-timo.teras@iki.fi \
--to=timo.teras@iki.fi \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=netdev@vger.kernel.org \
--cc=therbert@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).