From patchwork Sat Jan 30 11:54:51 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Aviraj CJ X-Patchwork-Id: 12057189 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-26.3 required=3.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_CR_TRAILER,INCLUDES_PATCH,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS, URIBL_BLOCKED,USER_AGENT_GIT,USER_IN_DEF_DKIM_WL autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 14570C433E0 for ; Sat, 30 Jan 2021 11:56:08 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id C2A9D64E04 for ; Sat, 30 Jan 2021 11:56:07 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230469AbhA3L4G (ORCPT ); Sat, 30 Jan 2021 06:56:06 -0500 Received: from bgl-iport-3.cisco.com ([72.163.197.27]:54102 "EHLO bgl-iport-3.cisco.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229636AbhA3L4F (ORCPT ); Sat, 30 Jan 2021 06:56:05 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=1031; q=dns/txt; s=iport; t=1612007764; x=1613217364; h=from:to:cc:subject:date:message-id:mime-version: content-transfer-encoding; bh=SjQny2U0SmNslQRFB24Sf6IeYW9zw4iqoArd6ysixCo=; b=PB2oOHNvIrbDXYE9NtmFp+FI8gzfCltEeFQXT7uJeorcUfzDoa7w+QWO 5GcsyXSyTicby6PWCKr/ecASHQLNjqo+MvSHz6QAorTWb0IcXqsFKtK5M T/6MceMnIQVn1O2s5VsGHLiAEcLx/gmCwxDD7CiFvL7U29z9oy8bSWzqM A=; X-IronPort-AV: E=Sophos;i="5.79,388,1602547200"; d="scan'208";a="136659721" Received: from vla196-nat.cisco.com (HELO bgl-core-3.cisco.com) ([72.163.197.24]) by bgl-iport-3.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 30 Jan 2021 11:55:21 +0000 Received: from bgl-ads-1848.cisco.com (bgl-ads-1848.cisco.com [173.39.51.250]) by bgl-core-3.cisco.com (8.15.2/8.15.2) with ESMTPS id 10UBtLIB019333 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Sat, 30 Jan 2021 11:55:21 GMT Received: by bgl-ads-1848.cisco.com (Postfix, from userid 838444) id 1E221CC1251; Sat, 30 Jan 2021 17:25:21 +0530 (IST) From: Aviraj CJ To: davem@davemloft.net, kuznet@ms2.inr.ac.ru, yoshfuji@linux-ipv6.org, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, gregkh@linuxfoundation.org, xe-linux-external@cisco.com, acj@cisco.com Cc: Hangbin Liu , Jakub Kicinski Subject: [PATCH stable v5.4 1/2] ICMPv6: Add ICMPv6 Parameter Problem, code 3 definition Date: Sat, 30 Jan 2021 17:24:51 +0530 Message-Id: <20210130115452.19192-1-acj@cisco.com> X-Mailer: git-send-email 2.26.2.Cisco MIME-Version: 1.0 X-Auto-Response-Suppress: DR, OOF, AutoReply X-Outbound-SMTP-Client: 173.39.51.250, bgl-ads-1848.cisco.com X-Outbound-Node: bgl-core-3.cisco.com Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org From: Hangbin Liu commit b59e286be280fa3c2e94a0716ddcee6ba02bc8ba upstream. Based on RFC7112, Section 6: IANA has added the following "Type 4 - Parameter Problem" message to the "Internet Control Message Protocol version 6 (ICMPv6) Parameters" registry: CODE NAME/DESCRIPTION 3 IPv6 First Fragment has incomplete IPv6 Header Chain Signed-off-by: Hangbin Liu Signed-off-by: Jakub Kicinski Signed-off-by: Aviraj CJ --- include/uapi/linux/icmpv6.h | 1 + 1 file changed, 1 insertion(+) diff --git a/include/uapi/linux/icmpv6.h b/include/uapi/linux/icmpv6.h index 2622b5a3e616..9a31ea2ad1cf 100644 --- a/include/uapi/linux/icmpv6.h +++ b/include/uapi/linux/icmpv6.h @@ -137,6 +137,7 @@ struct icmp6hdr { #define ICMPV6_HDR_FIELD 0 #define ICMPV6_UNK_NEXTHDR 1 #define ICMPV6_UNK_OPTION 2 +#define ICMPV6_HDR_INCOMP 3 /* * constants for (set|get)sockopt From patchwork Sat Jan 30 11:54:52 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Aviraj CJ X-Patchwork-Id: 12057191 X-Patchwork-Delegate: kuba@kernel.org Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-26.3 required=3.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_CR_TRAILER,INCLUDES_PATCH,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS, URIBL_BLOCKED,USER_AGENT_GIT,USER_IN_DEF_DKIM_WL autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id D72A6C433E6 for ; Sat, 30 Jan 2021 11:56:29 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 7538064E18 for ; Sat, 30 Jan 2021 11:56:29 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231533AbhA3L4S (ORCPT ); Sat, 30 Jan 2021 06:56:18 -0500 Received: from bgl-iport-1.cisco.com ([72.163.197.25]:55933 "EHLO bgl-iport-1.cisco.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229636AbhA3L4P (ORCPT ); Sat, 30 Jan 2021 06:56:15 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=3911; q=dns/txt; s=iport; t=1612007774; x=1613217374; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=8T6xhh/+97MYL69HOZHijmar/RuLTo27yNHNS+EKjJA=; b=ZowTdEvZq9ACt1BsaRUOFIfmJTV0qidqZR3h9cUHdaSPshv9eG6lf1L3 OhDMyEaAfeKrm3tXRe92nr0HLss8tRLbkFIDJ/KLbzLPfgh3h1ZtwwY3J tgZi2MyylQCeCffMCAnBB8tOXa9hwjFFkCmztMY7hf1evykrwQkxCV2qJ 4=; X-IronPort-AV: E=Sophos;i="5.79,388,1602547200"; d="scan'208";a="164142947" Received: from vla196-nat.cisco.com (HELO bgl-core-1.cisco.com) ([72.163.197.24]) by bgl-iport-1.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 30 Jan 2021 11:55:29 +0000 Received: from bgl-ads-1848.cisco.com (bgl-ads-1848.cisco.com [173.39.51.250]) by bgl-core-1.cisco.com (8.15.2/8.15.2) with ESMTPS id 10UBtTHh006232 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Sat, 30 Jan 2021 11:55:29 GMT Received: by bgl-ads-1848.cisco.com (Postfix, from userid 838444) id DF9E3CC1251; Sat, 30 Jan 2021 17:25:28 +0530 (IST) From: Aviraj CJ To: davem@davemloft.net, kuznet@ms2.inr.ac.ru, yoshfuji@linux-ipv6.org, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, gregkh@linuxfoundation.org, xe-linux-external@cisco.com, acj@cisco.com Cc: Hangbin Liu , Jakub Kicinski Subject: [PATCH stable v5.4 2/2] IPv6: reply ICMP error if the first fragment don't include all headers Date: Sat, 30 Jan 2021 17:24:52 +0530 Message-Id: <20210130115452.19192-2-acj@cisco.com> X-Mailer: git-send-email 2.26.2.Cisco In-Reply-To: <20210130115452.19192-1-acj@cisco.com> References: <20210130115452.19192-1-acj@cisco.com> MIME-Version: 1.0 X-Auto-Response-Suppress: DR, OOF, AutoReply X-Outbound-SMTP-Client: 173.39.51.250, bgl-ads-1848.cisco.com X-Outbound-Node: bgl-core-1.cisco.com Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org X-Patchwork-Delegate: kuba@kernel.org From: Hangbin Liu commit 2efdaaaf883a143061296467913c01aa1ff4b3ce upstream. Based on RFC 8200, Section 4.5 Fragment Header: - If the first fragment does not include all headers through an Upper-Layer header, then that fragment should be discarded and an ICMP Parameter Problem, Code 3, message should be sent to the source of the fragment, with the Pointer field set to zero. Checking each packet header in IPv6 fast path will have performance impact, so I put the checking in ipv6_frag_rcv(). As the packet may be any kind of L4 protocol, I only checked some common protocols' header length and handle others by (offset + 1) > skb->len. Also use !(frag_off & htons(IP6_OFFSET)) to catch atomic fragments (fragmented packet with only one fragment). When send ICMP error message, if the 1st truncated fragment is ICMP message, icmp6_send() will break as is_ineligible() return true. So I added a check in is_ineligible() to let fragment packet with nexthdr ICMP but no ICMP header return false. Signed-off-by: Hangbin Liu Signed-off-by: Jakub Kicinski Signed-off-by: Aviraj CJ --- net/ipv6/icmp.c | 8 +++++++- net/ipv6/reassembly.c | 33 ++++++++++++++++++++++++++++++++- 2 files changed, 39 insertions(+), 2 deletions(-) diff --git a/net/ipv6/icmp.c b/net/ipv6/icmp.c index 7d3a3894f785..e9bb89131e02 100644 --- a/net/ipv6/icmp.c +++ b/net/ipv6/icmp.c @@ -158,7 +158,13 @@ static bool is_ineligible(const struct sk_buff *skb) tp = skb_header_pointer(skb, ptr+offsetof(struct icmp6hdr, icmp6_type), sizeof(_type), &_type); - if (!tp || !(*tp & ICMPV6_INFOMSG_MASK)) + + /* Based on RFC 8200, Section 4.5 Fragment Header, return + * false if this is a fragment packet with no icmp header info. + */ + if (!tp && frag_off != 0) + return false; + else if (!tp || !(*tp & ICMPV6_INFOMSG_MASK)) return true; } return false; diff --git a/net/ipv6/reassembly.c b/net/ipv6/reassembly.c index 1f5d4d196dcc..c8cf1bbad74a 100644 --- a/net/ipv6/reassembly.c +++ b/net/ipv6/reassembly.c @@ -42,6 +42,8 @@ #include #include #include +#include +#include #include #include @@ -322,7 +324,9 @@ static int ipv6_frag_rcv(struct sk_buff *skb) struct frag_queue *fq; const struct ipv6hdr *hdr = ipv6_hdr(skb); struct net *net = dev_net(skb_dst(skb)->dev); - int iif; + __be16 frag_off; + int iif, offset; + u8 nexthdr; if (IP6CB(skb)->flags & IP6SKB_FRAGMENTED) goto fail_hdr; @@ -351,6 +355,33 @@ static int ipv6_frag_rcv(struct sk_buff *skb) return 1; } + /* RFC 8200, Section 4.5 Fragment Header: + * If the first fragment does not include all headers through an + * Upper-Layer header, then that fragment should be discarded and + * an ICMP Parameter Problem, Code 3, message should be sent to + * the source of the fragment, with the Pointer field set to zero. + */ + nexthdr = hdr->nexthdr; + offset = ipv6_skip_exthdr(skb, skb_transport_offset(skb), &nexthdr, &frag_off); + if (offset >= 0) { + /* Check some common protocols' header */ + if (nexthdr == IPPROTO_TCP) + offset += sizeof(struct tcphdr); + else if (nexthdr == IPPROTO_UDP) + offset += sizeof(struct udphdr); + else if (nexthdr == IPPROTO_ICMPV6) + offset += sizeof(struct icmp6hdr); + else + offset += 1; + + if (!(frag_off & htons(IP6_OFFSET)) && offset > skb->len) { + __IP6_INC_STATS(net, __in6_dev_get_safely(skb->dev), + IPSTATS_MIB_INHDRERRORS); + icmpv6_param_prob(skb, ICMPV6_HDR_INCOMP, 0); + return -1; + } + } + iif = skb->dev ? skb->dev->ifindex : 0; fq = fq_find(net, fhdr->identification, hdr, iif); if (fq) {