Message ID | ea071b44960b1bb16413d6b53b355cab6ccfd215.1717009251.git.gnault@redhat.com (mailing list archive) |
---|---|
State | Superseded |
Delegated to: | Netdev Maintainers |
Headers | show |
Series | [net] vxlan: Pull inner IP header in vxlan_xmit_one(). | expand |
On Wed, May 29, 2024 at 09:01:12PM +0200, Guillaume Nault wrote: > Ensure the inner IP header is part of the skb's linear data before > setting old_iph. Otherwise, on a fragmented skb, old_iph could point > outside of the packet data. Forgot the Fixes tag. Sorry. Fixes: d342894c5d2f ("vxlan: virtual extensible lan")
On Wed, 2024-05-29 at 21:01 +0200, Guillaume Nault wrote: > Ensure the inner IP header is part of the skb's linear data before > setting old_iph. Otherwise, on a fragmented skb, old_iph could point > outside of the packet data. > > Use skb_vlan_inet_prepare() on classical VXLAN devices to accommodate > for potential VLANs. Use pskb_inet_may_pull() for VXLAN-GPE as there's > no Ethernet header in that case. AFAICS even vxlan-GPE allows an ethernet header, see tun_p_to_eth_p() and: https://www.ietf.org/archive/id/draft-ietf-nvo3-vxlan-gpe-12.html#name-multi-protocol-support What I'm missing? Thanks, Paolo
On Tue, Jun 04, 2024 at 12:55:53PM +0200, Paolo Abeni wrote: > On Wed, 2024-05-29 at 21:01 +0200, Guillaume Nault wrote: > > Ensure the inner IP header is part of the skb's linear data before > > setting old_iph. Otherwise, on a fragmented skb, old_iph could point > > outside of the packet data. > > > > Use skb_vlan_inet_prepare() on classical VXLAN devices to accommodate > > for potential VLANs. Use pskb_inet_may_pull() for VXLAN-GPE as there's > > no Ethernet header in that case. > > AFAICS even vxlan-GPE allows an ethernet header, see tun_p_to_eth_p() > and: > > https://www.ietf.org/archive/id/draft-ietf-nvo3-vxlan-gpe-12.html#name-multi-protocol-support > > What I'm missing? Didn't see that. I'll post a v2. Thanks. > Thanks, > > Paolo >
On Wed, Jun 5, 2024 at 3:38 PM Guillaume Nault <gnault@redhat.com> wrote: > > On Tue, Jun 04, 2024 at 12:55:53PM +0200, Paolo Abeni wrote: > > On Wed, 2024-05-29 at 21:01 +0200, Guillaume Nault wrote: > > > Ensure the inner IP header is part of the skb's linear data before > > > setting old_iph. Otherwise, on a fragmented skb, old_iph could point > > > outside of the packet data. What is a "fragmented skb" ? > > > > > > Use skb_vlan_inet_prepare() on classical VXLAN devices to accommodate > > > for potential VLANs. Use pskb_inet_may_pull() for VXLAN-GPE as there's > > > no Ethernet header in that case. > > > > AFAICS even vxlan-GPE allows an ethernet header, see tun_p_to_eth_p() > > and: > > > > https://www.ietf.org/archive/id/draft-ietf-nvo3-vxlan-gpe-12.html#name-multi-protocol-support > > > > What I'm missing? > > Didn't see that. I'll post a v2. > Thanks. Also please add a Fixes: tag
On Wed, Jun 05, 2024 at 03:49:47PM +0200, Eric Dumazet wrote: > On Wed, Jun 5, 2024 at 3:38 PM Guillaume Nault <gnault@redhat.com> wrote: > > > > On Tue, Jun 04, 2024 at 12:55:53PM +0200, Paolo Abeni wrote: > > > On Wed, 2024-05-29 at 21:01 +0200, Guillaume Nault wrote: > > > > Ensure the inner IP header is part of the skb's linear data before > > > > setting old_iph. Otherwise, on a fragmented skb, old_iph could point > > > > outside of the packet data. > > What is a "fragmented skb" ? I meant "non linear". I'll rephrase in v2. > > > > > > > > Use skb_vlan_inet_prepare() on classical VXLAN devices to accommodate > > > > for potential VLANs. Use pskb_inet_may_pull() for VXLAN-GPE as there's > > > > no Ethernet header in that case. > > > > > > AFAICS even vxlan-GPE allows an ethernet header, see tun_p_to_eth_p() > > > and: > > > > > > https://www.ietf.org/archive/id/draft-ietf-nvo3-vxlan-gpe-12.html#name-multi-protocol-support > > > > > > What I'm missing? > > > > Didn't see that. I'll post a v2. > > Thanks. > > Also please add a Fixes: tag Yes, I forgot it in the original posting. I added it as a reply to the patch email.
diff --git a/drivers/net/vxlan/vxlan_core.c b/drivers/net/vxlan/vxlan_core.c index f78dd0438843..323308734192 100644 --- a/drivers/net/vxlan/vxlan_core.c +++ b/drivers/net/vxlan/vxlan_core.c @@ -2339,7 +2339,7 @@ void vxlan_xmit_one(struct sk_buff *skb, struct net_device *dev, struct ip_tunnel_key *pkey; struct ip_tunnel_key key; struct vxlan_dev *vxlan = netdev_priv(dev); - const struct iphdr *old_iph = ip_hdr(skb); + const struct iphdr *old_iph; struct vxlan_metadata _md; struct vxlan_metadata *md = &_md; unsigned int pkt_len = skb->len; @@ -2355,6 +2355,16 @@ void vxlan_xmit_one(struct sk_buff *skb, struct net_device *dev, bool xnet = !net_eq(vxlan->net, dev_net(vxlan->dev)); __be32 vni = 0; + if (flags & VXLAN_F_GPE) { + if (!pskb_inet_may_pull(skb)) + goto drop; + } else { + if (!skb_vlan_inet_prepare(skb)) + goto drop; + } + + old_iph = ip_hdr(skb); + info = skb_tunnel_info(skb); use_cache = ip_tunnel_dst_cache_usable(skb, info);
Ensure the inner IP header is part of the skb's linear data before setting old_iph. Otherwise, on a fragmented skb, old_iph could point outside of the packet data. Use skb_vlan_inet_prepare() on classical VXLAN devices to accommodate for potential VLANs. Use pskb_inet_may_pull() for VXLAN-GPE as there's no Ethernet header in that case. Signed-off-by: Guillaume Nault <gnault@redhat.com> --- drivers/net/vxlan/vxlan_core.c | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-)