Message ID | 20220107080559.122713-1-ooppublic@163.com (mailing list archive) |
---|---|
State | Changes Requested |
Delegated to: | Netdev Maintainers |
Headers | show |
Series | net: fix fragments have the disallowed options | expand |
On Fri, 7 Jan 2022 16:05:59 +0800 ooppublic@163.com wrote: > From: caixf <ooppublic@163.com> > > When in function ip_do_fragment() enter fsat path, fsat -> fast > if skb have opthons, all fragments will have the same options. opthons -> options > Just guarantee the second fragment not have the disallowed options. You're right. Can you send a patch which explicitly reverts these two commits instead: 1b9fbe813016b08e08b22ddba4ddbf9cb1b04b00 faf482ca196a5b16007190529b3b2dd32ab3f761 I prefer the code the way it was before them, plus keeping the code how it was could help backports. Thanks!
On Fri, 7 Jan 2022 16:05:59 +0800 ooppublic@163.com wrote: > From: caixf <ooppublic@163.com> > > When in function ip_do_fragment() enter fsat path, > if skb have opthons, all fragments will have the same options. > > Just guarantee the second fragment not have the disallowed options. #regzbot ^introduced: faf482ca196a5b16007190529b3b2dd32ab3f761
On Wed, 12 Jan 2022 10:43:24 -0800 Jakub Kicinski wrote: > On Fri, 7 Jan 2022 16:05:59 +0800 ooppublic@163.com wrote: > > From: caixf <ooppublic@163.com> > > > > When in function ip_do_fragment() enter fsat path, > > fsat -> fast > > > if skb have opthons, all fragments will have the same options. > > opthons -> options > > > Just guarantee the second fragment not have the disallowed options. > > You're right. Can you send a patch which explicitly reverts these > two commits instead: > > 1b9fbe813016b08e08b22ddba4ddbf9cb1b04b00 > faf482ca196a5b16007190529b3b2dd32ab3f761 > > I prefer the code the way it was before them, plus keeping the code how > it was could help backports. Please let us know if you're planning to send the new patch otherwise I'll do the revert myself, it's a clear bug.
diff --git a/net/ipv4/ip_output.c b/net/ipv4/ip_output.c index 9bca57ef8b83..ce178b5eb848 100644 --- a/net/ipv4/ip_output.c +++ b/net/ipv4/ip_output.c @@ -826,15 +826,16 @@ int ip_do_fragment(struct net *net, struct sock *sk, struct sk_buff *skb, /* Everything is OK. Generate! */ ip_fraglist_init(skb, iph, hlen, &iter); - if (iter.frag) - ip_options_fragment(iter.frag); - for (;;) { /* Prepare header of the next frame, * before previous one went down. */ if (iter.frag) { + bool first_frag = (iter.offset == 0); + IPCB(iter.frag)->flags = IPCB(skb)->flags; ip_fraglist_prepare(skb, &iter); + if (first_frag) + ip_options_fragment(iter.frag); } skb->tstamp = tstamp;