* Re: [PATCH] IPV6: Fix incorrect dst_entry handling in ip6_tunnel.c
[not found] <Pine.LNX.4.44.0307041601570.15229-100000@rhea.tcs.hut.fi>
@ 2003-07-10 3:43 ` David S. Miller
2003-08-01 11:15 ` [PATCH] IPV6: Incorrect hoplimit in ip6_push_pending_frames() Ville Nuorvala
1 sibling, 0 replies; 7+ messages in thread
From: David S. Miller @ 2003-07-10 3:43 UTC (permalink / raw)
To: vnuorval; +Cc: yoshfuji, netdev
From: Ville Nuorvala <vnuorval@tcs.hut.fi>
Date: Fri, 4 Jul 2003 16:14:18 +0300 (EEST)
I noticed a bug in ip6ip6_err(), please apply this patch!
Applied, thank you.
* [PATCH] IPV6: Incorrect hoplimit in ip6_push_pending_frames()
[not found] <Pine.LNX.4.44.0307041601570.15229-100000@rhea.tcs.hut.fi>
2003-07-10 3:43 ` [PATCH] IPV6: Fix incorrect dst_entry handling in ip6_tunnel.c David S. Miller
@ 2003-08-01 11:15 ` Ville Nuorvala
2003-08-03 5:59 ` David S. Miller
2003-08-05 13:42 ` [PATCH] IPV6: Fix bugs in ip6ip6_tnl_xmit() Ville Nuorvala
1 sibling, 2 replies; 7+ messages in thread
From: Ville Nuorvala @ 2003-08-01 11:15 UTC (permalink / raw)
To: yoshfuji, davem; +Cc: netdev
Hi,
I noticed the hop limit passed to ip6_append_data() isn't used by
ip6_push_pending_frames(), which might lead to unexpected behavior with
multicast and (ipv6-in-ipv6) tunneled packets. This patch (against Linux
2.6.0-test2 and cset 1.1595) fixes the problem.
Thanks,
Ville
diff -Nur linux-2.5.OLD/include/linux/ipv6.h linux-2.5/include/linux/ipv6.h
--- linux-2.5.OLD/include/linux/ipv6.h Thu Jul 31 18:07:13 2003
+++ linux-2.5/include/linux/ipv6.h Wed Jul 30 15:53:12 2003
@@ -189,6 +189,7 @@
struct ipv6_txoptions *opt;
struct rt6_info *rt;
struct flowi *fl;
+ int hop_limit;
} cork;
};
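Review bot: the new cork member int hop_limit is undocumented and wider than any value a hop limit can take. A one-line comment saying it is the hlimit captured by ip6_append_data() for the corked frames, together with its valid range (0..255), would make the later assignment to hdr->hop_limit easier to audit.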
diff -Nur linux-2.5.OLD/net/ipv6/ip6_output.c linux-2.5/net/ipv6/ip6_output.c
--- linux-2.5.OLD/net/ipv6/ip6_output.c Thu Jul 31 18:07:30 2003
+++ linux-2.5/net/ipv6/ip6_output.c Wed Jul 30 22:11:51 2003
@@ -1243,6 +1243,7 @@
dst_hold(&rt->u.dst);
np->cork.rt = rt;
np->cork.fl = fl;
+ np->cork.hop_limit = hlimit;
inet->cork.fragsize = mtu = dst_pmtu(&rt->u.dst);
inet->cork.length = 0;
inet->sndmsg_page = NULL;
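Review bot: np->cork.hop_limit = hlimit stores the caller's value unchecked, and it sits in the cork setup sequence shown here, so a later ip6_append_data() call on the same cork with a different hlimit would be silently ignored. If any caller can pass a negative "use the default" value, resolve it before storing so the header never receives a truncated number.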
@@ -1465,7 +1466,7 @@
hdr->payload_len = htons(skb->len - sizeof(struct ipv6hdr));
else
hdr->payload_len = 0;
- hdr->hop_limit = np->hop_limit;
+ hdr->hop_limit = np->cork.hop_limit;
hdr->nexthdr = proto;
ipv6_addr_copy(&hdr->saddr, &fl->fl6_src);
ipv6_addr_copy(&hdr->daddr, final_dst);
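Review bot: hdr->hop_limit now depends entirely on np->cork.hop_limit, with np->hop_limit no longer acting as a fallback at this line. Please state in the changelog that every path reaching ip6_push_pending_frames() has gone through the cork setup in ip6_append_data() with a resolved hlimit, otherwise the header can carry a stale or zero hop limit.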
--
Ville Nuorvala
Research Assistant, Institute of Digital Communications,
Helsinki University of Technology
email: vnuorval@tcs.hut.fi, phone: +358 (0)9 451 5257
* Re: [PATCH] IPV6: Incorrect hoplimit in ip6_push_pending_frames()
2003-08-01 11:15 ` [PATCH] IPV6: Incorrect hoplimit in ip6_push_pending_frames() Ville Nuorvala
@ 2003-08-03 5:59 ` David S. Miller
2003-08-05 13:42 ` [PATCH] IPV6: Fix bugs in ip6ip6_tnl_xmit() Ville Nuorvala
1 sibling, 0 replies; 7+ messages in thread
From: David S. Miller @ 2003-08-03 5:59 UTC (permalink / raw)
To: Ville Nuorvala; +Cc: yoshfuji, netdev
On Fri, 1 Aug 2003 14:15:21 +0300 (EEST)
Ville Nuorvala <vnuorval@tcs.hut.fi> wrote:
> I noticed the hop limit passed to ip6_append_data() isn't used by
> ip6_push_pending_frames(), which might lead to unexpected behavior with
> multicast and (ipv6-in-ipv6) tunneled packets. This patch (against Linux
> 2.6.0-test2 and cset 1.1595) fixes the problem.
Applied, thank you.
* [PATCH] IPV6: Fix bugs in ip6ip6_tnl_xmit()
2003-08-01 11:15 ` [PATCH] IPV6: Incorrect hoplimit in ip6_push_pending_frames() Ville Nuorvala
2003-08-03 5:59 ` David S. Miller
@ 2003-08-05 13:42 ` Ville Nuorvala
2003-08-08 4:32 ` David S. Miller
2003-08-18 8:13 ` [PATCH] IPv6: fix dst leakage caused by rt6_cow() Ville Nuorvala
1 sibling, 2 replies; 7+ messages in thread
From: Ville Nuorvala @ 2003-08-05 13:42 UTC (permalink / raw)
To: davem; +Cc: netdev
[-- Attachment #1: Type: TEXT/PLAIN, Size: 438 bytes --]
Hi,
There were two bugs in ip6ip6_tnl_xmit() which are fixed in this patch
(made against Linux 2.6.0-test2 + cset 1.1612):
- ip6_tunnel must give its own getfrag function to ip6_append_data()
- fix dst leakage when encapsulated packet too big
Please apply!
Thanks,
Ville
--
Ville Nuorvala
Research Assistant, Institute of Digital Communications,
Helsinki University of Technology
email: vnuorval@tcs.hut.fi, phone: +358 (0)9 451 5257
[-- Attachment #2: Type: TEXT/PLAIN, Size: 1768 bytes --]
diff -Nur --exclude=RCS --exclude=CVS --exclude=SCCS --exclude=BitKeeper --exclude=ChangeSet linux-2.5.OLD/net/ipv6/ip6_tunnel.c linux-2.5/net/ipv6/ip6_tunnel.c
--- linux-2.5.OLD/net/ipv6/ip6_tunnel.c Tue Aug 5 15:15:07 2003
+++ linux-2.5/net/ipv6/ip6_tunnel.c Tue Aug 5 15:45:41 2003
@@ -621,6 +621,14 @@
return opt;
}
+static int
+ip6ip6_getfrag(void *from, char *to, int offset, int len, int odd,
+ struct sk_buff *skb)
+{
+ memcpy(to, (char *) from + offset, len);
+ return 0;
+}
+
/**
* ip6ip6_tnl_addr_conflict - compare packet addresses to tunnel's own
* @t: the outgoing tunnel device
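Review bot: ip6ip6_getfrag() needs a comment saying why ip_generic_getfrag cannot be used here (the call site passes skb->nh.raw, a kernel buffer, as from). The memcpy trusts offset and len completely, and odd and skb are unused, so the comment should also state that the caller guarantees offset + len stays inside the inner packet.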
@@ -755,9 +763,9 @@
}
if (skb->len > mtu) {
icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu, dev);
- goto tx_err_opt_release;
+ goto tx_err_dst_release;
}
- err = ip6_append_data(sk, ip_generic_getfrag, skb->nh.raw, skb->len, 0,
+ err = ip6_append_data(sk, ip6ip6_getfrag, skb->nh.raw, skb->len, 0,
t->parms.hop_limit, opt, &fl,
(struct rt6_info *)dst, MSG_DONTWAIT);
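Review bot: with the new callback, ip6_append_data() ends up copying skb->len bytes starting at skb->nh.raw, which is only safe if the inner packet is linear and skb->data equals skb->nh.raw at this point, and nothing in the hunk checks either. Consider linearizing the skb or asserting this before the call. The switch to tx_err_dst_release on the too-big path matches the stated dst leak fix.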
@@ -785,7 +793,6 @@
return 0;
tx_err_dst_release:
dst_release(dst);
-tx_err_opt_release:
if (opt && opt != orig_opt)
sock_kfree_s(sk, opt, opt->tot_len);
tx_err_free_fl_lbl:
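Review bot: removing the tx_err_opt_release label is only safe if the goto changed in the previous hunk was its last user. The visible lines show one user, so please confirm the function has no other goto tx_err_opt_release, otherwise this will not build.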
diff -Nur --exclude=RCS --exclude=CVS --exclude=SCCS --exclude=BitKeeper --exclude=ChangeSet linux-2.5.OLD/net/netsyms.c linux-2.5/net/netsyms.c
--- linux-2.5.OLD/net/netsyms.c Tue Aug 5 15:15:03 2003
+++ linux-2.5/net/netsyms.c Tue Aug 5 13:58:34 2003
@@ -482,10 +482,8 @@
EXPORT_SYMBOL(sysctl_max_syn_backlog);
#endif
-#endif
-
-#if defined (CONFIG_IPV6_MODULE) || defined (CONFIG_IP_SCTP_MODULE) || defined (CONFIG_IPV6_TUNNEL_MODULE)
EXPORT_SYMBOL(ip_generic_getfrag);
+
#endif
EXPORT_SYMBOL(tcp_read_sock);
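Review bot: dropping the #if defined (CONFIG_IPV6_MODULE) || defined (CONFIG_IP_SCTP_MODULE) || defined (CONFIG_IPV6_TUNNEL_MODULE) guard moves EXPORT_SYMBOL(ip_generic_getfrag) under the enclosing conditional, which is not visible in this hunk. Confirm that condition still covers the IPv6 and SCTP module builds the removed guard named, and drop the stray blank line added before #endif.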
* Re: [PATCH] IPV6: Fix bugs in ip6ip6_tnl_xmit()
2003-08-05 13:42 ` [PATCH] IPV6: Fix bugs in ip6ip6_tnl_xmit() Ville Nuorvala
@ 2003-08-08 4:32 ` David S. Miller
2003-08-18 8:13 ` [PATCH] IPv6: fix dst leakage caused by rt6_cow() Ville Nuorvala
1 sibling, 0 replies; 7+ messages in thread
From: David S. Miller @ 2003-08-08 4:32 UTC (permalink / raw)
To: Ville Nuorvala; +Cc: netdev
On Tue, 5 Aug 2003 16:42:32 +0300 (EEST)
Ville Nuorvala <vnuorval@tcs.hut.fi> wrote:
> There were two bugs in ip6ip6_tnl_xmit() which are fixed in this patch
> (made against Linux 2.6.0-test2 + cset 1.1612):
>
> - ip6_tunnel must give its own getfrag function to ip6_append_data()
> - fix dst leakage when encapsulated packet too big
Patch applied, thank you Ville.
* [PATCH] IPv6: fix dst leakage caused by rt6_cow()
2003-08-05 13:42 ` [PATCH] IPV6: Fix bugs in ip6ip6_tnl_xmit() Ville Nuorvala
2003-08-08 4:32 ` David S. Miller
@ 2003-08-18 8:13 ` Ville Nuorvala
2003-08-18 10:45 ` David S. Miller
1 sibling, 1 reply; 7+ messages in thread
From: Ville Nuorvala @ 2003-08-18 8:13 UTC (permalink / raw)
To: davem, usagi-core; +Cc: netdev
Hi,
since rt6_cow() calls dst_hold() it looks like we're leaking refcounts in
three places in route.c. The patch below should fix this.
--- linux-2.5.OLD/net/ipv6/route.c 2003-08-18 10:04:24.000000000 +0300
+++ linux-2.5/net/ipv6/route.c 2003-08-15 16:20:19.000000000 +0300
@@ -432,6 +432,7 @@
/* Race condition! In the gap, when rt6_lock was
released someone could insert this route. Relookup.
*/
+ dst_release(&rt->u.dst);
goto relookup;
}
dst_hold(&rt->u.dst);
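Review bot: the added dst_release(&rt->u.dst) before goto relookup deserves a short comment that it drops the reference taken inside rt6_cow(), because the existing comment only describes the race. It is also worth confirming that rt at this point is the entry returned by rt6_cow() and not the original lookup result, which the hunk does not show.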
@@ -486,6 +487,7 @@
/* Race condition! In the gap, when rt6_lock was
released someone could insert this route. Relookup.
*/
+ dst_release(&rt->u.dst);
goto relookup;
}
dst_hold(&rt->u.dst);
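Review bot: this is the same release-then-relookup sequence as the previous hunk, now duplicated in two lookup paths. A small helper or a shared label would keep the two copies from drifting apart the next time the refcount rules around rt6_cow() change.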
@@ -1094,8 +1096,8 @@
*/
dst_set_expires(&nrt->u.dst, ip6_rt_mtu_expires);
nrt->rt6i_flags |= RTF_DYNAMIC|RTF_EXPIRES;
- dst_release(&nrt->u.dst);
}
+ dst_release(&nrt->u.dst);
} else {
nrt = ip6_rt_copy(rt);
if (nrt == NULL)
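Review bot: moving dst_release(&nrt->u.dst) outside the inner block makes it unconditional for this branch, so nrt must be non-NULL on every path that reaches it. The else branch below checks nrt == NULL after ip6_rt_copy(); please state, or check, that the value assigned in this branch can never be NULL.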
Thanks,
Ville
--
Ville Nuorvala
Research Assistant, Institute of Digital Communications,
Helsinki University of Technology
email: vnuorval@tcs.hut.fi, phone: +358 (0)9 451 5257
* Re: [PATCH] IPv6: fix dst leakage caused by rt6_cow()
2003-08-18 8:13 ` [PATCH] IPv6: fix dst leakage caused by rt6_cow() Ville Nuorvala
@ 2003-08-18 10:45 ` David S. Miller
0 siblings, 0 replies; 7+ messages in thread
From: David S. Miller @ 2003-08-18 10:45 UTC (permalink / raw)
To: Ville Nuorvala; +Cc: usagi-core, netdev
On Mon, 18 Aug 2003 11:13:13 +0300 (EEST)
Ville Nuorvala <vnuorval@tcs.hut.fi> wrote:
> since rt6_cow() calls dst_hold() it looks like we're leaking refcounts in
> three places in route.c. The patch below should fix this.
You are absolutely correct.
Patch applied, thanks.