From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org,
Nicolas Dichtel <nicolas.dichtel@6wind.com>,
Steffen Klassert <steffen.klassert@secunet.com>,
Sasha Levin <sashal@kernel.org>
Subject: [PATCH 4.4 39/53] vti[6]: fix packet tx through bpf_redirect()
Date: Mon, 3 Feb 2020 16:19:31 +0000 [thread overview]
Message-ID: <20200203161909.898535885@linuxfoundation.org> (raw)
In-Reply-To: <20200203161902.714326084@linuxfoundation.org>
From: Nicolas Dichtel <nicolas.dichtel@6wind.com>
[ Upstream commit 95224166a9032ff5d08fca633d37113078ce7d01 ]
With an ebpf program that redirects packets through a vti[6] interface,
the packets are dropped because no dst is attached.
This could also be reproduced with an AF_PACKET socket, with the following
python script (vti1 is an ip_vti interface):
import socket
send_s = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, 0)
# scapy
# p = IP(src='10.100.0.2', dst='10.200.0.1')/ICMP(type='echo-request')
# raw(p)
req = b'E\x00\x00\x1c\x00\x01\x00\x00@\x01e\xb2\nd\x00\x02\n\xc8\x00\x01\x08\x00\xf7\xff\x00\x00\x00\x00'
send_s.sendto(req, ('vti1', 0x800, 0, 0))
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/ipv4/ip_vti.c | 13 +++++++++++--
net/ipv6/ip6_vti.c | 13 +++++++++++--
2 files changed, 22 insertions(+), 4 deletions(-)
diff --git a/net/ipv4/ip_vti.c b/net/ipv4/ip_vti.c
index bbcbbc1cc2cc6..42dbd280dc9be 100644
--- a/net/ipv4/ip_vti.c
+++ b/net/ipv4/ip_vti.c
@@ -195,8 +195,17 @@ static netdev_tx_t vti_xmit(struct sk_buff *skb, struct net_device *dev,
int err;
if (!dst) {
- dev->stats.tx_carrier_errors++;
- goto tx_error_icmp;
+ struct rtable *rt;
+
+ fl->u.ip4.flowi4_oif = dev->ifindex;
+ fl->u.ip4.flowi4_flags |= FLOWI_FLAG_ANYSRC;
+ rt = __ip_route_output_key(dev_net(dev), &fl->u.ip4);
+ if (IS_ERR(rt)) {
+ dev->stats.tx_carrier_errors++;
+ goto tx_error_icmp;
+ }
+ dst = &rt->dst;
+ skb_dst_set(skb, dst);
}
dst_hold(dst);
diff --git a/net/ipv6/ip6_vti.c b/net/ipv6/ip6_vti.c
index 51da5987952ce..623963a2d8a68 100644
--- a/net/ipv6/ip6_vti.c
+++ b/net/ipv6/ip6_vti.c
@@ -441,8 +441,17 @@ vti6_xmit(struct sk_buff *skb, struct net_device *dev, struct flowi *fl)
int err = -1;
int mtu;
- if (!dst)
- goto tx_err_link_failure;
+ if (!dst) {
+ fl->u.ip6.flowi6_oif = dev->ifindex;
+ fl->u.ip6.flowi6_flags |= FLOWI_FLAG_ANYSRC;
+ dst = ip6_route_output(dev_net(dev), NULL, &fl->u.ip6);
+ if (dst->error) {
+ dst_release(dst);
+ dst = NULL;
+ goto tx_err_link_failure;
+ }
+ skb_dst_set(skb, dst);
+ }
dst_hold(dst);
dst = xfrm_lookup(t->net, dst, fl, NULL, 0);
--
2.20.1
next prev parent reply other threads:[~2020-02-03 16:21 UTC|newest]
Thread overview: 63+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-02-03 16:18 [PATCH 4.4 00/53] 4.4.213-stable review Greg Kroah-Hartman
2020-02-03 16:18 ` [PATCH 4.4 01/53] ALSA: pcm: Add missing copy ops check before clearing buffer Greg Kroah-Hartman
2020-02-03 16:18 ` [PATCH 4.4 02/53] orinoco_usb: fix interface sanity check Greg Kroah-Hartman
2020-02-03 16:18 ` [PATCH 4.4 03/53] rsi_91x_usb: " Greg Kroah-Hartman
2020-02-03 16:18 ` [PATCH 4.4 04/53] USB: serial: ir-usb: add missing endpoint " Greg Kroah-Hartman
2020-02-03 16:18 ` [PATCH 4.4 05/53] USB: serial: ir-usb: fix link-speed handling Greg Kroah-Hartman
2020-02-03 16:18 ` [PATCH 4.4 06/53] USB: serial: ir-usb: fix IrLAP framing Greg Kroah-Hartman
2020-02-03 16:18 ` [PATCH 4.4 07/53] staging: most: net: fix buffer overflow Greg Kroah-Hartman
2020-02-03 16:19 ` [PATCH 4.4 08/53] staging: wlan-ng: ensure error return is actually returned Greg Kroah-Hartman
2020-02-03 16:19 ` [PATCH 4.4 09/53] staging: vt6656: correct packet types for CTS protect, mode Greg Kroah-Hartman
2020-02-03 16:19 ` [PATCH 4.4 10/53] staging: vt6656: use NULLFUCTION stack on mac80211 Greg Kroah-Hartman
2020-02-03 16:19 ` [PATCH 4.4 11/53] staging: vt6656: Fix false Tx excessive retries reporting Greg Kroah-Hartman
2020-02-03 16:19 ` [PATCH 4.4 12/53] ath9k: fix storage endpoint lookup Greg Kroah-Hartman
2020-02-03 16:19 ` [PATCH 4.4 13/53] brcmfmac: fix interface sanity check Greg Kroah-Hartman
2020-02-03 16:19 ` [PATCH 4.4 14/53] rtl8xxxu: " Greg Kroah-Hartman
2020-02-03 16:19 ` [PATCH 4.4 15/53] zd1211rw: fix storage endpoint lookup Greg Kroah-Hartman
2020-02-03 16:19 ` [PATCH 4.4 16/53] watchdog: rn5t618_wdt: fix module aliases Greg Kroah-Hartman
2020-02-03 16:19 ` [PATCH 4.4 17/53] drivers/net/b44: Change to non-atomic bit operations on pwol_mask Greg Kroah-Hartman
2020-02-03 16:19 ` [PATCH 4.4 18/53] net: wan: sdla: Fix cast from pointer to integer of different size Greg Kroah-Hartman
2020-02-03 16:19 ` [PATCH 4.4 19/53] atm: eni: fix uninitialized variable warning Greg Kroah-Hartman
2020-02-03 16:19 ` [PATCH 4.4 20/53] usb-storage: Disable UAS on JMicron SATA enclosure Greg Kroah-Hartman
2020-02-03 16:19 ` [PATCH 4.4 21/53] net_sched: ematch: reject invalid TCF_EM_SIMPLE Greg Kroah-Hartman
2020-02-03 16:19 ` [PATCH 4.4 22/53] crypto: af_alg - Use bh_lock_sock in sk_destruct Greg Kroah-Hartman
2020-02-03 16:19 ` [PATCH 4.4 23/53] vfs: fix do_last() regression Greg Kroah-Hartman
2020-02-03 16:19 ` [PATCH 4.4 24/53] crypto: pcrypt - Fix user-after-free on module unload Greg Kroah-Hartman
2020-02-03 16:19 ` [PATCH 4.4 25/53] arm64: kbuild: remove compressed images on make ARCH=arm64 (dist)clean Greg Kroah-Hartman
2020-02-03 16:19 ` [PATCH 4.4 26/53] mm/mempolicy.c: fix out of bounds write in mpol_parse_str() Greg Kroah-Hartman
2020-02-03 16:19 ` [PATCH 4.4 27/53] reiserfs: Fix memory leak of journal device string Greg Kroah-Hartman
2020-02-03 16:19 ` [PATCH 4.4 28/53] media: digitv: dont continue if remote control state cant be read Greg Kroah-Hartman
2020-02-03 16:19 ` [PATCH 4.4 29/53] media: gspca: zero usb_buf Greg Kroah-Hartman
2020-02-03 16:19 ` [PATCH 4.4 30/53] media: dvb-usb/dvb-usb-urb.c: initialize actlen to 0 Greg Kroah-Hartman
2020-02-03 16:19 ` [PATCH 4.4 31/53] ttyprintk: fix a potential deadlock in interrupt context issue Greg Kroah-Hartman
2020-02-03 16:19 ` [PATCH 4.4 32/53] usb: dwc3: turn off VBUS when leaving host mode Greg Kroah-Hartman
2020-02-03 16:19 ` [PATCH 4.4 33/53] media: si470x-i2c: Move free() past last use of radio Greg Kroah-Hartman
2020-02-03 16:19 ` [PATCH 4.4 34/53] clk: mmp2: Fix the order of timer mux parents Greg Kroah-Hartman
2020-02-03 16:19 ` [PATCH 4.4 35/53] ixgbevf: Remove limit of 10 entries for unicast filter list Greg Kroah-Hartman
2020-02-03 16:19 ` [PATCH 4.4 36/53] ixgbe: Fix calculation of queue with VFs and flow director on interface flap Greg Kroah-Hartman
2020-02-03 16:19 ` [PATCH 4.4 37/53] wireless: wext: avoid gcc -O3 warning Greg Kroah-Hartman
2020-02-03 16:19 ` [PATCH 4.4 38/53] Input: aiptek - use descriptors of current altsetting Greg Kroah-Hartman
2020-02-03 16:19 ` Greg Kroah-Hartman [this message]
2020-02-03 16:19 ` [PATCH 4.4 40/53] scsi: fnic: do not queue commands during fwreset Greg Kroah-Hartman
2020-02-03 16:19 ` [PATCH 4.4 41/53] ARM: 8955/1: virt: Relax arch timer version check during early boot Greg Kroah-Hartman
2020-02-03 16:19 ` [PATCH 4.4 42/53] airo: Fix possible info leak in AIROOLDIOCTL/SIOCDEVPRIVATE Greg Kroah-Hartman
2020-02-03 16:19 ` [PATCH 4.4 43/53] airo: Add missing CAP_NET_ADMIN check " Greg Kroah-Hartman
2020-02-03 16:19 ` [PATCH 4.4 44/53] r8152: get default setting of WOL before initializing Greg Kroah-Hartman
2020-02-03 16:19 ` [PATCH 4.4 45/53] qlcnic: Fix CPU soft lockup while collecting firmware dump Greg Kroah-Hartman
2020-02-03 16:19 ` [PATCH 4.4 46/53] net/fsl: treat fsl,erratum-a011043 Greg Kroah-Hartman
2020-02-03 16:19 ` [PATCH 4.4 47/53] net/sonic: Add mutual exclusion for accessing shared state Greg Kroah-Hartman
2020-02-03 16:19 ` [PATCH 4.4 48/53] net/sonic: Use MMIO accessors Greg Kroah-Hartman
2020-02-03 16:19 ` [PATCH 4.4 49/53] net/sonic: Fix receive buffer handling Greg Kroah-Hartman
2020-02-03 16:19 ` [PATCH 4.4 50/53] net/sonic: Quiesce SONIC before re-initializing descriptor memory Greg Kroah-Hartman
2020-02-03 16:19 ` [PATCH 4.4 51/53] seq_tab_next() should increase position index Greg Kroah-Hartman
2020-02-03 16:19 ` [PATCH 4.4 52/53] l2t_seq_next " Greg Kroah-Hartman
2020-02-03 16:19 ` [PATCH 4.4 53/53] net: Fix skb->csum update in inet_proto_csum_replace16() Greg Kroah-Hartman
2020-02-03 21:39 ` [PATCH 4.4 00/53] 4.4.213-stable review Jon Hunter
2020-02-04 9:50 ` Chris Paterson
2020-02-04 12:47 ` Pavel Machek
2020-02-05 13:02 ` Greg Kroah-Hartman
2020-02-05 22:37 ` [cip-dev] " Pavel Machek
2020-02-04 14:43 ` Guenter Roeck
2020-02-05 13:02 ` Greg Kroah-Hartman
2020-02-04 17:18 ` Guenter Roeck
2020-02-05 2:02 ` Naresh Kamboju
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200203161909.898535885@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=linux-kernel@vger.kernel.org \
--cc=nicolas.dichtel@6wind.com \
--cc=sashal@kernel.org \
--cc=stable@vger.kernel.org \
--cc=steffen.klassert@secunet.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).