[PATCH net] vxlan: don't allow overwrite of config src addr

[PATCH net] vxlan: don't allow overwrite of config src addr

[Brian Russell]

When using IPv6 transport and a default dst, a pointer to the configured
source address is passed into the route lookup. If no source address is
configured, then the value is overwritten.

IPv6 route lookup ignores egress ifindex match if the source adress is set,
so if egress ifindex match is desired, the source address must be passed
as any. The overwrite breaks this for subsequent lookups.

Avoid this by copying the configured address to an existing stack variable
and pass a pointer to that instead.

Signed-off-by: Brian Russell <brussell@brocade.com>
---
 drivers/net/vxlan.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/net/vxlan.c b/drivers/net/vxlan.c
index 30b04cf..3cca908 100644
--- a/drivers/net/vxlan.c
+++ b/drivers/net/vxlan.c
@@ -2019,7 +2019,7 @@ static void vxlan_xmit_one(struct sk_buff *skb, struct net_device *dev,
 
 		dst_port = rdst->remote_port ? rdst->remote_port : vxlan->cfg.dst_port;
 		vni = rdst->remote_vni;
-		src = &vxlan->cfg.saddr;
+		local_ip = vxlan->cfg.saddr;
 		dst_cache = &rdst->dst_cache;
 		md->gbp = skb->mark;
 		ttl = vxlan->cfg.ttl;
@@ -2052,7 +2052,6 @@ static void vxlan_xmit_one(struct sk_buff *skb, struct net_device *dev,
 		dst = &remote_ip;
 		dst_port = info->key.tp_dst ? : vxlan->cfg.dst_port;
 		vni = tunnel_id_to_key32(info->key.tun_id);
-		src = &local_ip;
 		dst_cache = &info->dst_cache;
 		if (info->options_len)
 			md = ip_tunnel_info_opts(info);
@@ -2061,6 +2060,7 @@ static void vxlan_xmit_one(struct sk_buff *skb, struct net_device *dev,
 		label = info->key.label;
 		udp_sum = !!(info->key.tun_flags & TUNNEL_CSUM);
 	}
+	src = &local_ip;
 	src_port = udp_flow_src_port(dev_net(dev), skb, vxlan->cfg.port_min,
 				     vxlan->cfg.port_max, true);
 
-- 
2.1.4

Re: [PATCH net] vxlan: don't allow overwrite of config src addr

[Jiri Benc]

On Mon, 20 Feb 2017 17:25:28 +0000, Brian Russell wrote:
> When using IPv6 transport and a default dst, a pointer to the configured
> source address is passed into the route lookup. If no source address is
> configured, then the value is overwritten.
> 
> IPv6 route lookup ignores egress ifindex match if the source adress is set,
> so if egress ifindex match is desired, the source address must be passed
> as any. The overwrite breaks this for subsequent lookups.
> 
> Avoid this by copying the configured address to an existing stack variable
> and pass a pointer to that instead.

Seems there were another patches applied between the time you created
the patch and sent it and it doesn't apply.

Feel free to add to v2:

Acked-by: Jiri Benc <jbenc@redhat.com>

 Jiri

Re: [PATCH net] vxlan: don't allow overwrite of config src addr

[Jiri Benc]

On Mon, 20 Feb 2017 17:25:28 +0000, Brian Russell wrote:
> --- a/drivers/net/vxlan.c
> +++ b/drivers/net/vxlan.c
> @@ -2019,7 +2019,7 @@ static void vxlan_xmit_one(struct sk_buff *skb, struct net_device *dev,
>  
>  		dst_port = rdst->remote_port ? rdst->remote_port : vxlan->cfg.dst_port;
>  		vni = rdst->remote_vni;
> -		src = &vxlan->cfg.saddr;
> +		local_ip = vxlan->cfg.saddr;
>  		dst_cache = &rdst->dst_cache;
>  		md->gbp = skb->mark;
>  		ttl = vxlan->cfg.ttl;
> @@ -2052,7 +2052,6 @@ static void vxlan_xmit_one(struct sk_buff *skb, struct net_device *dev,
>  		dst = &remote_ip;
>  		dst_port = info->key.tp_dst ? : vxlan->cfg.dst_port;
>  		vni = tunnel_id_to_key32(info->key.tun_id);
> -		src = &local_ip;
>  		dst_cache = &info->dst_cache;
>  		if (info->options_len)
>  			md = ip_tunnel_info_opts(info);
> @@ -2061,6 +2060,7 @@ static void vxlan_xmit_one(struct sk_buff *skb, struct net_device *dev,
>  		label = info->key.label;
>  		udp_sum = !!(info->key.tun_flags & TUNNEL_CSUM);
>  	}
> +	src = &local_ip;

Btw, you can simplify this even more, get rid of src completely and
just use local_ip.

And please also add to v2:

Fixes: 272d96a5ab10 ("net: vxlan: lwt: Use source ip address during route lookup.")

 Jiri