Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 256c87c1 authored by Pieter Jansen van Vuuren's avatar Pieter Jansen van Vuuren Committed by David S. Miller
Browse files

net: check tunnel option type in tunnel flags 



Check the tunnel option type stored in tunnel flags when creating options
for tunnels. Thereby ensuring we do not set geneve, vxlan or erspan tunnel
options on interfaces that are not associated with them.

Make sure all users of the infrastructure set correct flags, for the BPF
helper we have to set all bits to keep backward compatibility.

Signed-off-by: default avatarPieter Jansen van Vuuren <pieter.jansenvanvuuren@netronome.com>
Signed-off-by: default avatarJakub Kicinski <jakub.kicinski@netronome.com>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 9d7298cd

drivers/net/geneve.c

+4 −2
Original line number Diff line number Diff line
@@ -236,7 +236,8 @@ static void geneve_rx(struct geneve_dev *geneve, struct geneve_sock *gs, 
		}

		/* Update tunnel dst according to Geneve options. */

		ip_tunnel_info_opts_set(&tun_dst->u.tun_info,

					gnvh->options, gnvh->opt_len * 4);

					gnvh->options, gnvh->opt_len * 4,

					TUNNEL_GENEVE_OPT);

	} else {

		/* Drop packets w/ critical options,

		 * since we don't support any...
@@ -675,6 +676,7 @@ static void geneve_build_header(struct genevehdr *geneveh, 
	geneveh->proto_type = htons(ETH_P_TEB);

	geneveh->rsvd2 = 0;



	if (info->key.tun_flags & TUNNEL_GENEVE_OPT)

		ip_tunnel_info_opts_get(geneveh->options, info);

}

drivers/net/vxlan.c

+2 −1
Original line number Diff line number Diff line
@@ -2122,7 +2122,8 @@ static void vxlan_xmit_one(struct sk_buff *skb, struct net_device *dev, 
		vni = tunnel_id_to_key32(info->key.tun_id);

		ifindex = 0;

		dst_cache = &info->dst_cache;

		if (info->options_len)

		if (info->options_len &&

		    info->key.tun_flags & TUNNEL_VXLAN_OPT)

			md = ip_tunnel_info_opts(info);

		ttl = info->key.ttl;

		tos = info->key.tos;

include/net/ip_tunnels.h

+6 −2
Original line number Diff line number Diff line
@@ -466,10 +466,12 @@ static inline void ip_tunnel_info_opts_get(void *to, 
}



static inline void ip_tunnel_info_opts_set(struct ip_tunnel_info *info,

					   const void *from, int len)

					   const void *from, int len,

					   __be16 flags)

{

	memcpy(ip_tunnel_info_opts(info), from, len);

	info->options_len = len;

	info->key.tun_flags |= flags;

}



static inline struct ip_tunnel_info *lwt_tun_info(struct lwtunnel_state *lwtstate)
@@ -511,9 +513,11 @@ static inline void ip_tunnel_info_opts_get(void *to, 
}



static inline void ip_tunnel_info_opts_set(struct ip_tunnel_info *info,

					   const void *from, int len)

					   const void *from, int len,

					   __be16 flags)

{

	info->options_len = 0;

	info->key.tun_flags |= flags;

}



#endif /* CONFIG_INET */

net/core/filter.c

+1 −1
Original line number Diff line number Diff line
@@ -3582,7 +3582,7 @@ BPF_CALL_3(bpf_skb_set_tunnel_opt, struct sk_buff *, skb, 
	if (unlikely(size > IP_TUNNEL_OPTS_MAX))

		return -ENOMEM;



	ip_tunnel_info_opts_set(info, from, size);

	ip_tunnel_info_opts_set(info, from, size, TUNNEL_OPTIONS_PRESENT);



	return 0;

}

net/ipv4/ip_gre.c

+2 −0
Original line number Diff line number Diff line
@@ -587,6 +587,8 @@ static void erspan_fb_xmit(struct sk_buff *skb, struct net_device *dev, 
		goto err_free_skb;



	key = &tun_info->key;

	if (!(tun_info->key.tun_flags & TUNNEL_ERSPAN_OPT))

		goto err_free_rt;

	md = ip_tunnel_info_opts(tun_info);

	if (!md)

		goto err_free_rt;