diff options
| author | Jakub Kicinski <kuba@kernel.org> | 2024-09-12 20:30:32 -0700 |
|---|---|---|
| committer | Jakub Kicinski <kuba@kernel.org> | 2024-09-12 20:30:33 -0700 |
| commit | 1f2e900ac26fed3b1d11dbcb9f25589644330112 (patch) | |
| tree | 1ba50120c4f506e2fbe98d30e4b219f911c67be7 | |
| parent | 5abfdfd402699ce7c1e81d1a25bc37f60f7741ff (diff) | |
| parent | c471236b2359e6b27388475dd04fff0a5e2bf922 (diff) | |
Merge branch 'bareudp-pull-inner-ip-header-on-xmit-recv'
Guillaume Nault says:
====================
bareudp: Pull inner IP header on xmit/recv.
Bareudp accesses the inner IP header in its xmit and recv paths.
However it doesn't ensure that this header is part of skb->head.
Both vxlan and geneve have received fixes for similar problems
in the past. This series fixes bareudp using the same approach.
====================
Link: https://patch.msgid.link/cover.1726046181.git.gnault@redhat.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
| -rw-r--r-- | drivers/net/bareudp.c | 26 |
1 files changed, 24 insertions, 2 deletions
diff --git a/drivers/net/bareudp.c b/drivers/net/bareudp.c index 7aca0544fb29..e80992b4f9de 100644 --- a/drivers/net/bareudp.c +++ b/drivers/net/bareudp.c @@ -68,6 +68,7 @@ static int bareudp_udp_encap_recv(struct sock *sk, struct sk_buff *skb) __be16 proto; void *oiph; int err; + int nh; bareudp = rcu_dereference_sk_user_data(sk); if (!bareudp) @@ -148,10 +149,25 @@ static int bareudp_udp_encap_recv(struct sock *sk, struct sk_buff *skb) } skb_dst_set(skb, &tun_dst->dst); skb->dev = bareudp->dev; - oiph = skb_network_header(skb); - skb_reset_network_header(skb); skb_reset_mac_header(skb); + /* Save offset of outer header relative to skb->head, + * because we are going to reset the network header to the inner header + * and might change skb->head. + */ + nh = skb_network_header(skb) - skb->head; + + skb_reset_network_header(skb); + + if (!pskb_inet_may_pull(skb)) { + DEV_STATS_INC(bareudp->dev, rx_length_errors); + DEV_STATS_INC(bareudp->dev, rx_errors); + goto drop; + } + + /* Get the outer header. */ + oiph = skb->head + nh; + if (!ipv6_mod_enabled() || family == AF_INET) err = IP_ECN_decapsulate(oiph, skb); else @@ -301,6 +317,9 @@ static int bareudp_xmit_skb(struct sk_buff *skb, struct net_device *dev, __be32 saddr; int err; + if (!skb_vlan_inet_prepare(skb, skb->protocol != htons(ETH_P_TEB))) + return -EINVAL; + if (!sock) return -ESHUTDOWN; @@ -368,6 +387,9 @@ static int bareudp6_xmit_skb(struct sk_buff *skb, struct net_device *dev, __be16 sport; int err; + if (!skb_vlan_inet_prepare(skb, skb->protocol != htons(ETH_P_TEB))) + return -EINVAL; + if (!sock) return -ESHUTDOWN; |