
l2tp: Support different protocol versions with same IP/port quadruple

Message ID 20240509205812.4063198-1-samuel.thibault@ens-lyon.org (mailing list archive)
State Accepted
Commit 364798056f518b0bf2f17cd9eaf0dd4e856d7393
Delegated to: Netdev Maintainers

Checks

Context Check Description
netdev/series_format warning Single patches do not need cover letters; Target tree name not specified in the subject
netdev/tree_selection success Guessed tree name to be net-next
netdev/ynl success Generated files up to date; no warnings/errors; no diff in generated;
netdev/fixes_present success Fixes tag not required for -next series
netdev/header_inline success No static functions without inline keyword in header files
netdev/build_32bit success Errors and warnings before: 925 this patch: 925
netdev/build_tools success No tools touched, skip
netdev/cc_maintainers success CCed 5 of 5 maintainers
netdev/build_clang success Errors and warnings before: 936 this patch: 936
netdev/verify_signedoff success Signed-off-by tag matches author and committer
netdev/deprecated_api success None detected
netdev/check_selftest success No net selftest shell script
netdev/verify_fixes success No Fixes tag
netdev/build_allmodconfig_warn success Errors and warnings before: 936 this patch: 936
netdev/checkpatch success total: 0 errors, 0 warnings, 0 checks, 43 lines checked
netdev/build_clang_rust success No Rust files in patch. Skipping build
netdev/kdoc success Errors and warnings before: 0 this patch: 0
netdev/source_inline success Was 0 now: 0
netdev/contest success net-next-2024-05-13--18-00 (tests: 1019)

Commit Message

Samuel Thibault May 9, 2024, 8:58 p.m. UTC
628bc3e5a1be ("l2tp: Support several sockets with same IP/port quadruple")
added support for several L2TPv2 tunnels using the same IP/port quadruple,
but if an L2TPv3 socket exists it could eat all the traffic. We thus have to
first use the version from the packet to get the proper tunnel, and only
then check that the version matches.

Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
---
 net/l2tp/l2tp_core.c | 18 ++++++++++--------
 1 file changed, 10 insertions(+), 8 deletions(-)

Comments

James Chapman May 9, 2024, 9:08 p.m. UTC | #1
On 09/05/2024 21:58, Samuel Thibault wrote:
> 628bc3e5a1be ("l2tp: Support several sockets with same IP/port quadruple")
> added support for several L2TPv2 tunnels using the same IP/port quadruple,
> but if an L2TPv3 socket exists it could eat all the trafic. We thus have to
> first use the version from the packet to get the proper tunnel, and only
> then check that the version matches.
>
> Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>

LGTM

Reviewed-by: James Chapman <jchapman@katalix.com>


> ---
>   net/l2tp/l2tp_core.c | 18 ++++++++++--------
>   1 file changed, 10 insertions(+), 8 deletions(-)
>
> diff --git a/net/l2tp/l2tp_core.c b/net/l2tp/l2tp_core.c
> index 2ab45e3f48bf..7d519a46a844 100644
> --- a/net/l2tp/l2tp_core.c
> +++ b/net/l2tp/l2tp_core.c
> @@ -820,13 +820,8 @@ static int l2tp_udp_recv_core(struct l2tp_tunnel *tunnel, struct sk_buff *skb)
>   	/* Get L2TP header flags */
>   	hdrflags = ntohs(*(__be16 *)ptr);
>   
> -	/* Check protocol version */
> +	/* Get protocol version */
>   	version = hdrflags & L2TP_HDR_VER_MASK;
> -	if (version != tunnel->version) {
> -		pr_debug_ratelimited("%s: recv protocol version mismatch: got %d expected %d\n",
> -				     tunnel->name, version, tunnel->version);
> -		goto invalid;
> -	}
>   
>   	/* Get length of L2TP packet */
>   	length = skb->len;
> @@ -838,7 +833,7 @@ static int l2tp_udp_recv_core(struct l2tp_tunnel *tunnel, struct sk_buff *skb)
>   	/* Skip flags */
>   	ptr += 2;
>   
> -	if (tunnel->version == L2TP_HDR_VER_2) {
> +	if (version == L2TP_HDR_VER_2) {
>   		/* If length is present, skip it */
>   		if (hdrflags & L2TP_HDRFLAG_L)
>   			ptr += 2;
> @@ -855,7 +850,7 @@ static int l2tp_udp_recv_core(struct l2tp_tunnel *tunnel, struct sk_buff *skb)
>   			struct l2tp_tunnel *alt_tunnel;
>   
>   			alt_tunnel = l2tp_tunnel_get(tunnel->l2tp_net, tunnel_id);
> -			if (!alt_tunnel || alt_tunnel->version != L2TP_HDR_VER_2)
> +			if (!alt_tunnel)
>   				goto pass;
>   			tunnel = alt_tunnel;
>   		}
> @@ -869,6 +864,13 @@ static int l2tp_udp_recv_core(struct l2tp_tunnel *tunnel, struct sk_buff *skb)
>   		ptr += 4;
>   	}
>   
> +	/* Check protocol version */
> +	if (version != tunnel->version) {
> +		pr_debug_ratelimited("%s: recv protocol version mismatch: got %d expected %d\n",
> +				     tunnel->name, version, tunnel->version);
> +		goto invalid;
> +	}
> +
>   	/* Find the session context */
>   	session = l2tp_tunnel_get_session(tunnel, session_id);
>   	if (!session || !session->recv_skb) {
patchwork-bot+netdevbpf@kernel.org May 13, 2024, 11 p.m. UTC | #2
Hello:

This patch was applied to netdev/net-next.git (main)
by Jakub Kicinski <kuba@kernel.org>:

On Thu,  9 May 2024 22:58:12 +0200 you wrote:
> 628bc3e5a1be ("l2tp: Support several sockets with same IP/port quadruple")
> added support for several L2TPv2 tunnels using the same IP/port quadruple,
> but if an L2TPv3 socket exists it could eat all the trafic. We thus have to
> first use the version from the packet to get the proper tunnel, and only
> then check that the version matches.
> 
> Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
> 
> [...]

Here is the summary with links:
  - l2tp: Support different protocol versions with same IP/port quadruple
    https://git.kernel.org/netdev/net-next/c/364798056f51

You are awesome, thank you!

Patch

diff --git a/net/l2tp/l2tp_core.c b/net/l2tp/l2tp_core.c
index 2ab45e3f48bf..7d519a46a844 100644
--- a/net/l2tp/l2tp_core.c
+++ b/net/l2tp/l2tp_core.c
@@ -820,13 +820,8 @@  static int l2tp_udp_recv_core(struct l2tp_tunnel *tunnel, struct sk_buff *skb)
 	/* Get L2TP header flags */
 	hdrflags = ntohs(*(__be16 *)ptr);
 
-	/* Check protocol version */
+	/* Get protocol version */
 	version = hdrflags & L2TP_HDR_VER_MASK;
-	if (version != tunnel->version) {
-		pr_debug_ratelimited("%s: recv protocol version mismatch: got %d expected %d\n",
-				     tunnel->name, version, tunnel->version);
-		goto invalid;
-	}
 
 	/* Get length of L2TP packet */
 	length = skb->len;
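Review bot: The new comment `/* Get protocol version */` does not say that `version` is now an unvalidated value from the packet header, used to pick the parsing branch before it is compared with any tunnel. I would spell that out, e.g. `/* Get protocol version from the packet; it is checked against the tunnel only after the tunnel lookup below */`, so that a later edit does not add a use of `version` or `tunnel->version` in between that assumes the two already agree. The body of l2tp_udp_recv_core starts and ends outside this hunk.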
@@ -838,7 +833,7 @@  static int l2tp_udp_recv_core(struct l2tp_tunnel *tunnel, struct sk_buff *skb)
 	/* Skip flags */
 	ptr += 2;
 
-	if (tunnel->version == L2TP_HDR_VER_2) {
+	if (version == L2TP_HDR_VER_2) {
 		/* If length is present, skip it */
 		if (hdrflags & L2TP_HDRFLAG_L)
 			ptr += 2;
@@ -855,7 +850,7 @@  static int l2tp_udp_recv_core(struct l2tp_tunnel *tunnel, struct sk_buff *skb)
 			struct l2tp_tunnel *alt_tunnel;
 
 			alt_tunnel = l2tp_tunnel_get(tunnel->l2tp_net, tunnel_id);
-			if (!alt_tunnel || alt_tunnel->version != L2TP_HDR_VER_2)
+			if (!alt_tunnel)
 				goto pass;
 			tunnel = alt_tunnel;
 		}
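Review bot: With the version test dropped from `if (!alt_tunnel)`, the only thing tying `alt_tunnel` to this datagram is the tunnel ID read from the wire. The lookup `l2tp_tunnel_get(tunnel->l2tp_net, tunnel_id)` is keyed on the netns and that ID, and nothing visible here compares the alternate tunnel's socket or peer address with the socket the datagram arrived on. Unless l2tp_tunnel_get() or a step outside the hunk enforces that, a datagram received on one tunnel's socket is handed to whichever tunnel in the namespace owns the ID it carries. I would check that `alt_tunnel` shares the receiving socket's IP/port quadruple before `tunnel = alt_tunnel;` and `goto pass` otherwise, or add a comment stating why that is not needed.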
@@ -869,6 +864,13 @@  static int l2tp_udp_recv_core(struct l2tp_tunnel *tunnel, struct sk_buff *skb)
 		ptr += 4;
 	}
 
+	/* Check protocol version */
+	if (version != tunnel->version) {
+		pr_debug_ratelimited("%s: recv protocol version mismatch: got %d expected %d\n",
+				     tunnel->name, version, tunnel->version);
+		goto invalid;
+	}
+
 	/* Find the session context */
 	session = l2tp_tunnel_get_session(tunnel, session_id);
 	if (!session || !session->recv_skb) {
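Review bot: The relocated check's `goto invalid` can now run after `tunnel = alt_tunnel;`, which the old early check could not. If l2tp_tunnel_get() returns a counted reference (its name suggests so, but its definition is not on this page), this exit has to release it, as does the `goto pass` in the session lookup below. Otherwise every mismatching datagram would leave a reference held on the alternate tunnel. The `invalid:` and `pass:` labels are outside the hunk, so I cannot confirm what they do. If they do not drop the reference, keep the looked-up pointer in a function-scope variable and release it on every exit path.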