From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org,
Nicolas Dichtel <nicolas.dichtel@6wind.com>,
Steffen Klassert <steffen.klassert@secunet.com>,
Sasha Levin <sashal@kernel.org>
Subject: [PATCH 4.19 54/70] vti[6]: fix packet tx through bpf_redirect()
Date: Mon, 3 Feb 2020 16:20:06 +0000 [thread overview]
Message-ID: <20200203161920.155843437@linuxfoundation.org> (raw)
In-Reply-To: <20200203161912.158976871@linuxfoundation.org>
From: Nicolas Dichtel <nicolas.dichtel@6wind.com>
[ Upstream commit 95224166a9032ff5d08fca633d37113078ce7d01 ]
With an ebpf program that redirects packets through a vti[6] interface,
the packets are dropped because no dst is attached.
This could also be reproduced with an AF_PACKET socket, with the following
python script (vti1 is an ip_vti interface):
import socket
send_s = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, 0)
# scapy
# p = IP(src='10.100.0.2', dst='10.200.0.1')/ICMP(type='echo-request')
# raw(p)
req = b'E\x00\x00\x1c\x00\x01\x00\x00@\x01e\xb2\nd\x00\x02\n\xc8\x00\x01\x08\x00\xf7\xff\x00\x00\x00\x00'
send_s.sendto(req, ('vti1', 0x800, 0, 0))
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/ipv4/ip_vti.c | 13 +++++++++++--
net/ipv6/ip6_vti.c | 13 +++++++++++--
2 files changed, 22 insertions(+), 4 deletions(-)
diff --git a/net/ipv4/ip_vti.c b/net/ipv4/ip_vti.c
index 960f4faaf2942..f5e5fcd908592 100644
--- a/net/ipv4/ip_vti.c
+++ b/net/ipv4/ip_vti.c
@@ -208,8 +208,17 @@ static netdev_tx_t vti_xmit(struct sk_buff *skb, struct net_device *dev,
int mtu;
if (!dst) {
- dev->stats.tx_carrier_errors++;
- goto tx_error_icmp;
+ struct rtable *rt;
+
+ fl->u.ip4.flowi4_oif = dev->ifindex;
+ fl->u.ip4.flowi4_flags |= FLOWI_FLAG_ANYSRC;
+ rt = __ip_route_output_key(dev_net(dev), &fl->u.ip4);
+ if (IS_ERR(rt)) {
+ dev->stats.tx_carrier_errors++;
+ goto tx_error_icmp;
+ }
+ dst = &rt->dst;
+ skb_dst_set(skb, dst);
}
dst_hold(dst);
diff --git a/net/ipv6/ip6_vti.c b/net/ipv6/ip6_vti.c
index bfd39db3398a5..67ff206b6d619 100644
--- a/net/ipv6/ip6_vti.c
+++ b/net/ipv6/ip6_vti.c
@@ -453,8 +453,17 @@ vti6_xmit(struct sk_buff *skb, struct net_device *dev, struct flowi *fl)
int err = -1;
int mtu;
- if (!dst)
- goto tx_err_link_failure;
+ if (!dst) {
+ fl->u.ip6.flowi6_oif = dev->ifindex;
+ fl->u.ip6.flowi6_flags |= FLOWI_FLAG_ANYSRC;
+ dst = ip6_route_output(dev_net(dev), NULL, &fl->u.ip6);
+ if (dst->error) {
+ dst_release(dst);
+ dst = NULL;
+ goto tx_err_link_failure;
+ }
+ skb_dst_set(skb, dst);
+ }
dst_hold(dst);
dst = xfrm_lookup(t->net, dst, fl, NULL, 0);
--
2.20.1
next prev parent reply other threads:[~2020-02-03 16:33 UTC|newest]
Thread overview: 77+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-02-03 16:19 [PATCH 4.19 00/70] 4.19.102-stable review Greg Kroah-Hartman
2020-02-03 16:19 ` [PATCH 4.19 01/70] vfs: fix do_last() regression Greg Kroah-Hartman
2020-02-03 16:19 ` [PATCH 4.19 02/70] x86/resctrl: Fix use-after-free when deleting resource groups Greg Kroah-Hartman
2020-02-03 16:19 ` [PATCH 4.19 03/70] x86/resctrl: Fix use-after-free due to inaccurate refcount of rdtgroup Greg Kroah-Hartman
2020-02-03 16:19 ` [PATCH 4.19 04/70] x86/resctrl: Fix a deadlock due to inaccurate reference Greg Kroah-Hartman
2020-02-03 16:19 ` [PATCH 4.19 05/70] crypto: pcrypt - Fix user-after-free on module unload Greg Kroah-Hartman
2020-02-03 16:19 ` [PATCH 4.19 06/70] rsi: add hci detach for hibernation and poweroff Greg Kroah-Hartman
2020-02-03 16:19 ` [PATCH 4.19 07/70] rsi: fix use-after-free on failed probe and unbind Greg Kroah-Hartman
2020-02-03 16:19 ` [PATCH 4.19 08/70] perf c2c: Fix return type for histogram sorting comparision functions Greg Kroah-Hartman
2020-02-03 16:19 ` [PATCH 4.19 09/70] PM / devfreq: Add new name attribute for sysfs Greg Kroah-Hartman
2020-02-03 16:19 ` [PATCH 4.19 10/70] tools lib: Fix builds when glibc contains strlcpy() Greg Kroah-Hartman
2020-02-03 16:19 ` [PATCH 4.19 11/70] arm64: kbuild: remove compressed images on make ARCH=arm64 (dist)clean Greg Kroah-Hartman
2020-02-03 16:19 ` [PATCH 4.19 12/70] ext4: validate the debug_want_extra_isize mount option at parse time Greg Kroah-Hartman
2020-02-03 16:19 ` [PATCH 4.19 13/70] mm/mempolicy.c: fix out of bounds write in mpol_parse_str() Greg Kroah-Hartman
2020-02-03 16:19 ` [PATCH 4.19 14/70] reiserfs: Fix memory leak of journal device string Greg Kroah-Hartman
2020-02-03 16:19 ` [PATCH 4.19 15/70] media: digitv: dont continue if remote control state cant be read Greg Kroah-Hartman
2020-02-03 16:19 ` [PATCH 4.19 16/70] media: af9005: uninitialized variable printked Greg Kroah-Hartman
2020-02-03 16:19 ` [PATCH 4.19 17/70] media: vp7045: do not read uninitialized values if usb transfer fails Greg Kroah-Hartman
2020-02-03 16:19 ` [PATCH 4.19 18/70] media: gspca: zero usb_buf Greg Kroah-Hartman
2020-02-03 16:19 ` [PATCH 4.19 19/70] media: dvb-usb/dvb-usb-urb.c: initialize actlen to 0 Greg Kroah-Hartman
2020-02-03 16:19 ` [PATCH 4.19 20/70] tomoyo: Use atomic_t for statistics counter Greg Kroah-Hartman
2020-02-03 16:19 ` [PATCH 4.19 21/70] ttyprintk: fix a potential deadlock in interrupt context issue Greg Kroah-Hartman
2020-02-03 16:19 ` [PATCH 4.19 22/70] Bluetooth: Fix race condition in hci_release_sock() Greg Kroah-Hartman
2020-02-03 16:19 ` [PATCH 4.19 23/70] cgroup: Prevent double killing of css when enabling threaded cgroup Greg Kroah-Hartman
2020-02-03 16:19 ` [PATCH 4.19 24/70] media: si470x-i2c: Move free() past last use of radio Greg Kroah-Hartman
2020-02-03 16:19 ` [PATCH 4.19 25/70] ARM: dts: sun8i: a83t: Correct USB3503 GPIOs polarity Greg Kroah-Hartman
2020-02-03 16:19 ` [PATCH 4.19 26/70] ARM: dts: am57xx-beagle-x15/am57xx-idk: Remove "gpios" for endpoint dt nodes Greg Kroah-Hartman
2020-02-03 16:19 ` [PATCH 4.19 27/70] ARM: dts: beagle-x15-common: Model 5V0 regulator Greg Kroah-Hartman
2020-02-03 16:19 ` [PATCH 4.19 28/70] soc: ti: wkup_m3_ipc: Fix race condition with rproc_boot Greg Kroah-Hartman
2020-02-03 16:19 ` [PATCH 4.19 29/70] tools lib traceevent: Fix memory leakage in filter_event Greg Kroah-Hartman
2020-02-03 16:19 ` [PATCH 4.19 30/70] rseq: Unregister rseq for clone CLONE_VM Greg Kroah-Hartman
2020-02-03 16:19 ` [PATCH 4.19 31/70] clk: sunxi-ng: h6-r: Fix AR100/R_APB2 parent order Greg Kroah-Hartman
2020-02-03 16:19 ` [PATCH 4.19 32/70] mac80211: mesh: restrict airtime metric to peered established plinks Greg Kroah-Hartman
2020-02-03 16:19 ` [PATCH 4.19 33/70] clk: mmp2: Fix the order of timer mux parents Greg Kroah-Hartman
2020-02-03 16:19 ` [PATCH 4.19 34/70] ASoC: rt5640: Fix NULL dereference on module unload Greg Kroah-Hartman
2020-02-03 16:19 ` [PATCH 4.19 35/70] ixgbevf: Remove limit of 10 entries for unicast filter list Greg Kroah-Hartman
2020-02-03 16:19 ` [PATCH 4.19 36/70] ixgbe: Fix calculation of queue with VFs and flow director on interface flap Greg Kroah-Hartman
2020-02-03 16:19 ` [PATCH 4.19 37/70] igb: Fix SGMII SFP module discovery for 100FX/LX Greg Kroah-Hartman
2020-02-03 16:19 ` [PATCH 4.19 38/70] platform/x86: GPD pocket fan: Allow somewhat lower/higher temperature limits Greg Kroah-Hartman
2020-02-04 19:12 ` Pavel Machek
2020-02-03 16:19 ` [PATCH 4.19 39/70] ASoC: sti: fix possible sleep-in-atomic Greg Kroah-Hartman
2020-02-03 16:19 ` [PATCH 4.19 40/70] qmi_wwan: Add support for Quectel RM500Q Greg Kroah-Hartman
2020-02-03 16:19 ` [PATCH 4.19 41/70] parisc: Use proper printk format for resource_size_t Greg Kroah-Hartman
2020-02-03 16:19 ` [PATCH 4.19 42/70] wireless: fix enabling channel 12 for custom regulatory domain Greg Kroah-Hartman
2020-02-03 16:19 ` [PATCH 4.19 43/70] cfg80211: Fix radar event during another phy CAC Greg Kroah-Hartman
2020-02-03 16:19 ` [PATCH 4.19 44/70] mac80211: Fix TKIP replay protection immediately after key setup Greg Kroah-Hartman
2020-02-03 16:19 ` [PATCH 4.19 45/70] wireless: wext: avoid gcc -O3 warning Greg Kroah-Hartman
2020-02-03 16:19 ` [PATCH 4.19 46/70] netfilter: nft_tunnel: ERSPAN_VERSION must not be null Greg Kroah-Hartman
2020-02-03 16:19 ` [PATCH 4.19 47/70] net: dsa: bcm_sf2: Configure IMP port for 2Gb/sec Greg Kroah-Hartman
2020-02-03 16:20 ` [PATCH 4.19 48/70] bnxt_en: Fix ipv6 RFS filter matching logic Greg Kroah-Hartman
2020-02-03 16:20 ` [PATCH 4.19 49/70] riscv: delete temporary files Greg Kroah-Hartman
2020-02-03 16:20 ` [PATCH 4.19 50/70] iwlwifi: mvm: fix NVM check for 3168 devices Greg Kroah-Hartman
2020-02-03 16:20 ` [PATCH 4.19 51/70] iwlwifi: Dont ignore the cap field upon mcc update Greg Kroah-Hartman
2020-02-03 16:20 ` [PATCH 4.19 52/70] Input: aiptek - use descriptors of current altsetting Greg Kroah-Hartman
2020-02-03 16:20 ` [PATCH 4.19 53/70] ARM: dts: am335x-boneblack-common: fix memory size Greg Kroah-Hartman
2020-02-03 16:20 ` Greg Kroah-Hartman [this message]
2020-02-03 16:20 ` [PATCH 4.19 55/70] xfrm interface: fix packet tx through bpf_redirect() Greg Kroah-Hartman
2020-02-03 16:20 ` [PATCH 4.19 56/70] xfrm: interface: do not confirm neighbor when do pmtu update Greg Kroah-Hartman
2020-02-03 16:20 ` [PATCH 4.19 57/70] scsi: fnic: do not queue commands during fwreset Greg Kroah-Hartman
2020-02-03 16:20 ` [PATCH 4.19 58/70] ARM: 8955/1: virt: Relax arch timer version check during early boot Greg Kroah-Hartman
2020-02-03 16:20 ` [PATCH 4.19 59/70] tee: optee: Fix compilation issue with nommu Greg Kroah-Hartman
2020-02-03 16:20 ` [PATCH 4.19 60/70] airo: Fix possible info leak in AIROOLDIOCTL/SIOCDEVPRIVATE Greg Kroah-Hartman
2020-02-03 16:20 ` [PATCH 4.19 61/70] airo: Add missing CAP_NET_ADMIN check " Greg Kroah-Hartman
2020-02-03 16:20 ` [PATCH 4.19 62/70] r8152: get default setting of WOL before initializing Greg Kroah-Hartman
2020-02-03 16:20 ` [PATCH 4.19 63/70] ARM: dts: am43x-epos-evm: set data pin directions for spi0 and spi1 Greg Kroah-Hartman
2020-02-03 16:20 ` [PATCH 4.19 64/70] qlcnic: Fix CPU soft lockup while collecting firmware dump Greg Kroah-Hartman
2020-02-03 16:20 ` [PATCH 4.19 65/70] powerpc/fsl/dts: add fsl,erratum-a011043 Greg Kroah-Hartman
2020-02-03 16:20 ` [PATCH 4.19 66/70] net/fsl: treat fsl,erratum-a011043 Greg Kroah-Hartman
2020-02-03 16:20 ` [PATCH 4.19 67/70] net: fsl/fman: rename IF_MODE_XGMII to IF_MODE_10G Greg Kroah-Hartman
2020-02-03 16:20 ` [PATCH 4.19 68/70] seq_tab_next() should increase position index Greg Kroah-Hartman
2020-02-03 16:20 ` [PATCH 4.19 69/70] l2t_seq_next " Greg Kroah-Hartman
2020-02-03 16:20 ` [PATCH 4.19 70/70] net: Fix skb->csum update in inet_proto_csum_replace16() Greg Kroah-Hartman
2020-02-03 21:39 ` [PATCH 4.19 00/70] 4.19.102-stable review Jon Hunter
2020-02-04 12:37 ` Pavel Machek
2020-02-05 14:42 ` Greg Kroah-Hartman
2020-02-04 13:37 ` Naresh Kamboju
2020-02-04 17:19 ` Guenter Roeck
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200203161920.155843437@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=linux-kernel@vger.kernel.org \
--cc=nicolas.dichtel@6wind.com \
--cc=sashal@kernel.org \
--cc=stable@vger.kernel.org \
--cc=steffen.klassert@secunet.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).