[PATCH net 1/1] net/ipv4: ip_vti clear skb cb before tunneling.

[PATCH net 1/1] net/ipv4: ip_vti clear skb cb before tunneling.

[Saurabh Mohan]

From: Saurabh Mohan <saurabh@vyatta.com>

If users apply shaper to vti tunnel then it will cause a kernel crash. The
problem seems to be due to the vti_tunnel_xmit function not clearing
skb->opt field before passing the packet to xfrm tunneling code.

Signed-off-by: Saurabh Mohan <saurabh@vyatta.com>
---
 net/ipv4/ip_vti.c |    3 +--
 1 files changed, 1 insertions(+), 2 deletions(-)

diff --git a/net/ipv4/ip_vti.c b/net/ipv4/ip_vti.c
index 9d2bdb2..c118f6b 100644
--- a/net/ipv4/ip_vti.c
+++ b/net/ipv4/ip_vti.c
@@ -361,8 +361,7 @@ static netdev_tx_t vti_tunnel_xmit(struct sk_buff *skb, struct net_device *dev)
 			tunnel->err_count = 0;
 	}
 
-	IPCB(skb)->flags &= ~(IPSKB_XFRM_TUNNEL_SIZE | IPSKB_XFRM_TRANSFORMED |
-			      IPSKB_REROUTED);
+	memset(IPCB(skb), 0, sizeof(*IPCB(skb)));
 	skb_dst_drop(skb);
 	skb_dst_set(skb, &rt->dst);
 	nf_reset(skb);
-- 
1.7.2.5

Re: [PATCH net 1/1] net/ipv4: ip_vti clear skb cb before tunneling.

[Stephen Hemminger]

On Mon, 10 Jun 2013 17:45:10 -0700
Saurabh Mohan <saumoh@gmail.com> wrote:

> From: Saurabh Mohan <saurabh@vyatta.com>
> 
> If users apply shaper to vti tunnel then it will cause a kernel crash. The
> problem seems to be due to the vti_tunnel_xmit function not clearing
> skb->opt field before passing the packet to xfrm tunneling code.
> 
> Signed-off-by: Saurabh Mohan <saurabh@vyatta.com>
> ---
>  net/ipv4/ip_vti.c |    3 +--
>  1 files changed, 1 insertions(+), 2 deletions(-)
> 
> diff --git a/net/ipv4/ip_vti.c b/net/ipv4/ip_vti.c
> index 9d2bdb2..c118f6b 100644
> --- a/net/ipv4/ip_vti.c
> +++ b/net/ipv4/ip_vti.c
> @@ -361,8 +361,7 @@ static netdev_tx_t vti_tunnel_xmit(struct sk_buff *skb, struct net_device *dev)
>  			tunnel->err_count = 0;
>  	}
>  
> -	IPCB(skb)->flags &= ~(IPSKB_XFRM_TUNNEL_SIZE | IPSKB_XFRM_TRANSFORMED |
> -			      IPSKB_REROUTED);
> +	memset(IPCB(skb), 0, sizeof(*IPCB(skb)));
>  	skb_dst_drop(skb);
>  	skb_dst_set(skb, &rt->dst);
>  	nf_reset(skb);

Thanks, this applies to 3.9 and earlier kernels. When the tunnel code was unified,
this was fixed in ip_tunnel.c

Acked-by: Stephen Hemminger <stephen@networkplumber.org>

Re: [PATCH net 1/1] net/ipv4: ip_vti clear skb cb before tunneling.

[David Miller]

From: Stephen Hemminger <stephen@networkplumber.org>
Date: Mon, 10 Jun 2013 18:28:22 -0700

> On Mon, 10 Jun 2013 17:45:10 -0700
> Saurabh Mohan <saumoh@gmail.com> wrote:
> 
>> From: Saurabh Mohan <saurabh@vyatta.com>
>> 
>> If users apply shaper to vti tunnel then it will cause a kernel crash. The
>> problem seems to be due to the vti_tunnel_xmit function not clearing
>> skb->opt field before passing the packet to xfrm tunneling code.
>> 
>> Signed-off-by: Saurabh Mohan <saurabh@vyatta.com>
 ...
> Thanks, this applies to 3.9 and earlier kernels. When the tunnel code was unified,
> this was fixed in ip_tunnel.c
> 
> Acked-by: Stephen Hemminger <stephen@networkplumber.org>

Applied and queued up for -stable, thanks.