From: Andreas Schultz <aschultz@tpip.net>
To: pablo <pablo@netfilter.org>
Cc: netdev@vger.kernel.org,
Lionel Gauthier <Lionel.Gauthier@eurecom.fr>,
openbsc@lists.osmocom.org, laforge <laforge@gnumonks.org>
Subject: Re: [PATCH 5/5] gtp: let userspace handle packets for invalid tunnels
Date: Tue, 24 Jan 2017 21:02:31 +0100 (CET) [thread overview]
Message-ID: <1060167008.597625.1485288151511.JavaMail.zimbra@tpip.net> (raw)
In-Reply-To: <20170124190349.GA9757@salvia>
Hi Pablo,
----- On Jan 24, 2017, at 8:03 PM, pablo pablo@netfilter.org wrote:
> Hi Andreas,
>
> On Tue, Jan 24, 2017 at 06:24:02PM +0100, Andreas Schultz wrote:
>> enable userspace to send error replies for invalid tunnels
>>
>> Signed-off-by: Andreas Schultz <aschultz@tpip.net>
>> ---
>> drivers/net/gtp.c | 8 ++++----
>> 1 file changed, 4 insertions(+), 4 deletions(-)
>>
>> diff --git a/drivers/net/gtp.c b/drivers/net/gtp.c
>> index 912721e..c607333 100644
>> --- a/drivers/net/gtp.c
>> +++ b/drivers/net/gtp.c
>> @@ -198,12 +198,12 @@ static int gtp0_udp_encap_recv(struct gtp_dev *gtp, struct
>> sk_buff *skb,
>> pctx = gtp0_pdp_find(gtp, be64_to_cpu(gtp0->tid));
>> if (!pctx) {
>> netdev_dbg(gtp->dev, "No PDP ctx to decap skb=%p\n", skb);
>> - return -1;
>> + return 1;
>> }
>>
>> if (!gtp_check_src_ms(skb, pctx, hdrlen)) {
>> netdev_dbg(gtp->dev, "No PDP ctx for this MS\n");
>> - return -1;
>> + return 1;
>
> So userspace gets the packet that we cannot forward. I guess your
> userspace codebase performs this sanity checks again so you can send
> the appropriate error reply?
For TEID /= 0, the only reply is a T-PDU of type error indication. There
is no cause specified. So I don't actually have to repeat the check.
TEID == 0 is more interesting, this tells userspace that it tried to
send on an invalid tunnel and should tear it down.
If you like, you can have a look at the userspace code. The relevant piece
is at https://github.com/travelping/gtp_u_kmod/blob/master/src/gtp_u_kmod_port.erl#L231
But be warned, it's written in Erlang ;-)
Andreas
>
>> }
>>
>> /* Get rid of the GTP + UDP headers. */
>> @@ -247,12 +247,12 @@ static int gtp1u_udp_encap_recv(struct gtp_dev *gtp,
>> struct sk_buff *skb,
>> pctx = gtp1_pdp_find(gtp, ntohl(gtp1->tid));
>> if (!pctx) {
>> netdev_dbg(gtp->dev, "No PDP ctx to decap skb=%p\n", skb);
>> - return -1;
>> + return 1;
>> }
>>
>> if (!gtp_check_src_ms(skb, pctx, hdrlen)) {
>> netdev_dbg(gtp->dev, "No PDP ctx for this MS\n");
>> - return -1;
>> + return 1;
>> }
>>
>> /* Get rid of the GTP + UDP headers. */
>> --
>> 2.10.2
next prev parent reply other threads:[~2017-01-24 20:02 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-01-24 17:23 [PATCH 0/5] simple gtp improvements Andreas Schultz
2017-01-24 17:23 ` [PATCH 1/5] gtp: add genl family modules alias Andreas Schultz
2017-01-24 19:16 ` Pablo Neira Ayuso
2017-01-24 17:23 ` [PATCH 2/5] gtp: clear DF bit on GTP packet tx Andreas Schultz
2017-01-24 19:17 ` Pablo Neira Ayuso
2017-01-24 17:24 ` [PATCH 3/5] gtp: fix cross netns recv on gtp socket Andreas Schultz
2017-01-24 19:15 ` Pablo Neira Ayuso
2017-01-24 23:48 ` kbuild test robot
2017-01-24 17:24 ` [PATCH 4/5] gtp: remove unnecessary rcu_read_lock Andreas Schultz
2017-01-24 19:17 ` Pablo Neira Ayuso
2017-01-24 17:24 ` [PATCH 5/5] gtp: let userspace handle packets for invalid tunnels Andreas Schultz
2017-01-24 19:03 ` Pablo Neira Ayuso
2017-01-24 20:02 ` Andreas Schultz [this message]
2017-01-24 20:19 ` Pablo Neira Ayuso
2017-01-24 18:26 ` [PATCH 0/5] simple gtp improvements Harald Welte
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1060167008.597625.1485288151511.JavaMail.zimbra@tpip.net \
--to=aschultz@tpip.net \
--cc=Lionel.Gauthier@eurecom.fr \
--cc=laforge@gnumonks.org \
--cc=netdev@vger.kernel.org \
--cc=openbsc@lists.osmocom.org \
--cc=pablo@netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.