From patchwork Mon Jul 12 00:55:53 2021
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Vadim Fedorenko
X-Patchwork-Id: 12369533
X-Patchwork-Delegate: kuba@kernel.org
From: Vadim Fedorenko
To: David Ahern, Willem de Bruijn, Paolo Abeni, Xin Long
Cc: Jakub Kicinski, "David S. Miller", netdev@vger.kernel.org, Vadim Fedorenko
Subject: [PATCH net 2/3] udp: check encap socket in __udp_lib_err
Date: Mon, 12 Jul 2021 03:55:53 +0300
Message-Id: <20210712005554.26948-3-vfedorenko@novek.ru>
X-Mailer: git-send-email 2.18.4
In-Reply-To: <20210712005554.26948-1-vfedorenko@novek.ru>
References: <20210712005554.26948-1-vfedorenko@novek.ru>
Precedence: bulk
X-Mailing-List: netdev@vger.kernel.org

Commit d26796ae5894 ("udp: check udp sock encap_type in __udp_lib_err") added checks for encapsulated sockets, but it broke cases where there is no implementation of encap_err_lookup for the encapsulation, i.e. ESP in UDP encapsulation. Fix it by calling encap_err_lookup only if the socket implements this method; otherwise treat it as a legal socket.

Fixes: d26796ae5894 ("udp: check udp sock encap_type in __udp_lib_err")
Signed-off-by: Vadim Fedorenko
---
 net/ipv4/udp.c | 24 +++++++++++++++++++++++-
 net/ipv6/udp.c | 22 ++++++++++++++++++++++
 2 files changed, 45 insertions(+), 1 deletion(-)

diff --git a/net/ipv4/udp.c b/net/ipv4/udp.c index e5cb7fedfbcd..4980e0f19990 100644 --- a/net/ipv4/udp.c +++ b/net/ipv4/udp.c 
@@ -707,7 +707,29 @@ int __udp4_lib_err(struct sk_buff *skb, u32 info, struct udp_table *udptable) sk = __udp4_lib_lookup(net, iph->daddr, uh->dest, iph->saddr, uh->source, skb->dev->ifindex, inet_sdif(skb), udptable, NULL); - if (!sk || udp_sk(sk)->encap_enabled) { + if (sk && udp_sk(sk)->encap_enabled) { + int (*lookup)(struct sock *sk, struct sk_buff *skb); + + lookup = READ_ONCE(udp_sk(sk)->encap_err_lookup); + if (lookup) { + int network_offset, transport_offset; + + network_offset = skb_network_offset(skb); + transport_offset = skb_transport_offset(skb); + + /* Network header needs to point to the outer IPv4 header inside ICMP */ + skb_reset_network_header(skb); + + /* Transport header needs to point to the UDP header */ + skb_set_transport_header(skb, iph->ihl << 2); + if (lookup(sk, skb)) + sk = NULL; + skb_set_transport_header(skb, transport_offset); + skb_set_network_header(skb, network_offset); + } + } + + if (!sk) { /* No socket for error: try tunnels before discarding */ sk = ERR_PTR(-ENOENT); if (static_branch_unlikely(&udp_encap_needed_key)) { diff --git a/net/ipv6/udp.c b/net/ipv6/udp.c index 798916d2e722..ed49a8589d9f 100644 --- a/net/ipv6/udp.c +++ b/net/ipv6/udp.c 
@@ -558,6 +558,28 @@ int __udp6_lib_err(struct sk_buff *skb, struct inet6_skb_parm *opt, sk = __udp6_lib_lookup(net, daddr, uh->dest, saddr, uh->source, inet6_iif(skb), inet6_sdif(skb), udptable, NULL); + if (sk && udp_sk(sk)->encap_enabled) { + int (*lookup)(struct sock *sk, struct sk_buff *skb); + + lookup = READ_ONCE(udp_sk(sk)->encap_err_lookup); + if (lookup) { + int network_offset, transport_offset; + + network_offset = skb_network_offset(skb); + transport_offset = skb_transport_offset(skb); + + /* Network header needs to point to the outer IPv6 header inside ICMP */ + skb_reset_network_header(skb); + + /* Transport header needs to point to the UDP header */ + skb_set_transport_header(skb, offset); + if (lookup(sk, skb)) + sk = NULL; + skb_set_transport_header(skb, transport_offset); + skb_set_network_header(skb, network_offset); + } + } + if (!sk || udp_sk(sk)->encap_enabled) { /* No socket for error: try tunnels before discarding */ sk = ERR_PTR(-ENOENT);
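
Review bot: in the net/ipv4/udp.c hunk, the save, repoint, call and restore sequence around lookup() is open-coded inside __udp4_lib_err and then repeated almost line for line in __udp6_lib_err, differing only in the transport offset (`iph->ihl << 2` versus `offset`). Suggest moving it into a small per-family helper that takes sk and skb and returns the socket or NULL, so the header restore lives in one place and cannot drift between the two families. That helper would also be the natural place for a comment spelling out the convention the code relies on, as it reads here: a non-zero return from encap_err_lookup means the socket does not own this error, so sk is cleared and the existing tunnel path under `if (!sk)` runs.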
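
Review bot: in the net/ipv6/udp.c hunk, the condition that follows the new block is still `if (!sk || udp_sk(sk)->encap_enabled)`, whereas the IPv4 hunk changes the same test to `if (!sk)`. As posted, an IPv6 socket with encap_enabled set still takes the "No socket for error" tunnel path even when lookup is NULL or lookup() returned 0, which is the ESP in UDP case the commit message sets out to fix. The diffstat agrees: net/ipv6/udp.c has 22 insertions and no deletion. Suggest changing that line to `if (!sk)` to match IPv4, or explaining in the commit message why the two families are meant to differ.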