[PATCH] l2tp: ensure sk->dst is still valid

netdev.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* [PATCH] l2tp: ensure sk->dst is still valid
@ 2011-11-25 16:47 Florian Westphal
  2011-11-26  4:30 ` Eric Dumazet
  0 siblings, 1 reply; 3+ messages in thread
From: Florian Westphal @ 2011-11-25 16:47 UTC (permalink / raw)
  To: netdev; +Cc: Florian Westphal, James Chapman

When using l2tp over ipsec, the tunnel will hang when rekeying
occurs. Reason is that the transformer bundle attached to the dst entry
is now in STATE_DEAD and thus xfrm_output_one() drops all packets
(XfrmOutStateExpired increases).

Fix this by calling __sk_dst_check (which drops the stale dst
if xfrm dst->check callback finds that the bundle is no longer valid).

Cc: James Chapman <jchapman@katalix.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
---
 net/l2tp/l2tp_core.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/net/l2tp/l2tp_core.c b/net/l2tp/l2tp_core.c
index cf0f308..89ff8c6 100644
--- a/net/l2tp/l2tp_core.c
+++ b/net/l2tp/l2tp_core.c
@@ -1072,7 +1072,7 @@ int l2tp_xmit_skb(struct l2tp_session *session, struct sk_buff *skb, int hdr_len
 
 	/* Get routing info from the tunnel socket */
 	skb_dst_drop(skb);
-	skb_dst_set(skb, dst_clone(__sk_dst_get(sk)));
+	skb_dst_set(skb, dst_clone(__sk_dst_check(sk, 0)));
 
 	inet = inet_sk(sk);
 	fl = &inet->cork.fl;
-- 
1.7.3.4

^ permalink raw reply related	[flat|nested] 3+ messages in thread

* Re: [PATCH] l2tp: ensure sk->dst is still valid
  2011-11-25 16:47 [PATCH] l2tp: ensure sk->dst is still valid Florian Westphal
@ 2011-11-26  4:30 ` Eric Dumazet
  2011-11-26 20:57   ` David Miller
  0 siblings, 1 reply; 3+ messages in thread
From: Eric Dumazet @ 2011-11-26  4:30 UTC (permalink / raw)
  To: Florian Westphal; +Cc: netdev, James Chapman

Le vendredi 25 novembre 2011 à 17:47 +0100, Florian Westphal a écrit :
> When using l2tp over ipsec, the tunnel will hang when rekeying
> occurs. Reason is that the transformer bundle attached to the dst entry
> is now in STATE_DEAD and thus xfrm_output_one() drops all packets
> (XfrmOutStateExpired increases).
> 
> Fix this by calling __sk_dst_check (which drops the stale dst
> if xfrm dst->check callback finds that the bundle is no longer valid).
> 
> Cc: James Chapman <jchapman@katalix.com>
> Signed-off-by: Florian Westphal <fw@strlen.de>
> ---
>  net/l2tp/l2tp_core.c |    2 +-
>  1 files changed, 1 insertions(+), 1 deletions(-)
> 
> diff --git a/net/l2tp/l2tp_core.c b/net/l2tp/l2tp_core.c
> index cf0f308..89ff8c6 100644
> --- a/net/l2tp/l2tp_core.c
> +++ b/net/l2tp/l2tp_core.c
> @@ -1072,7 +1072,7 @@ int l2tp_xmit_skb(struct l2tp_session *session, struct sk_buff *skb, int hdr_len
>  
>  	/* Get routing info from the tunnel socket */
>  	skb_dst_drop(skb);
> -	skb_dst_set(skb, dst_clone(__sk_dst_get(sk)));
> +	skb_dst_set(skb, dst_clone(__sk_dst_check(sk, 0)));
>  
>  	inet = inet_sk(sk);
>  	fl = &inet->cork.fl;

Seems good to me, although we could use RCU and skb_dst_set_noref() to
avoid dirtying dst refcount. I'll send a patch for net-next later.

Acked-by: Eric Dumazet <eric.dumazet@gmail.com>

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [PATCH] l2tp: ensure sk->dst is still valid
  2011-11-26  4:30 ` Eric Dumazet
@ 2011-11-26 20:57   ` David Miller
  0 siblings, 0 replies; 3+ messages in thread
From: David Miller @ 2011-11-26 20:57 UTC (permalink / raw)
  To: eric.dumazet; +Cc: fw, netdev, jchapman

From: Eric Dumazet <eric.dumazet@gmail.com>
Date: Sat, 26 Nov 2011 05:30:01 +0100

> Le vendredi 25 novembre 2011 à 17:47 +0100, Florian Westphal a écrit :
>> When using l2tp over ipsec, the tunnel will hang when rekeying
>> occurs. Reason is that the transformer bundle attached to the dst entry
>> is now in STATE_DEAD and thus xfrm_output_one() drops all packets
>> (XfrmOutStateExpired increases).
>> 
>> Fix this by calling __sk_dst_check (which drops the stale dst
>> if xfrm dst->check callback finds that the bundle is no longer valid).
>> 
>> Cc: James Chapman <jchapman@katalix.com>
>> Signed-off-by: Florian Westphal <fw@strlen.de>
>> ---
>>  net/l2tp/l2tp_core.c |    2 +-
>>  1 files changed, 1 insertions(+), 1 deletions(-)
>> 
>> diff --git a/net/l2tp/l2tp_core.c b/net/l2tp/l2tp_core.c
>> index cf0f308..89ff8c6 100644
>> --- a/net/l2tp/l2tp_core.c
>> +++ b/net/l2tp/l2tp_core.c
>> @@ -1072,7 +1072,7 @@ int l2tp_xmit_skb(struct l2tp_session *session, struct sk_buff *skb, int hdr_len
>>  
>>  	/* Get routing info from the tunnel socket */
>>  	skb_dst_drop(skb);
>> -	skb_dst_set(skb, dst_clone(__sk_dst_get(sk)));
>> +	skb_dst_set(skb, dst_clone(__sk_dst_check(sk, 0)));
>>  
>>  	inet = inet_sk(sk);
>>  	fl = &inet->cork.fl;
> 
> Seems good to me, although we could use RCU and skb_dst_set_noref() to
> avoid dirtying dst refcount. I'll send a patch for net-next later.
> 
> Acked-by: Eric Dumazet <eric.dumazet@gmail.com>

Applied, thanks everyone.

^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2011-11-26 20:58 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2011-11-25 16:47 [PATCH] l2tp: ensure sk->dst is still valid Florian Westphal
2011-11-26  4:30 ` Eric Dumazet
2011-11-26 20:57   ` David Miller

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).