* pull request (net): ipsec 2015-01-26
@ 2015-01-26 7:48 Steffen Klassert
2015-01-26 7:48 ` [PATCH 1/2] xfrm6: Fix transport header offset in _decode_session6 Steffen Klassert
` (2 more replies)
0 siblings, 3 replies; 4+ messages in thread
From: Steffen Klassert @ 2015-01-26 7:48 UTC (permalink / raw)
To: David Miller; +Cc: Herbert Xu, Steffen Klassert, netdev
Just two small fixes for _decode_session6() where we
might decode to wrong header information in some rare
situations.
Please pull or let me know if there are problems.
Thanks!
The following changes since commit f2a01517f2a1040a0b156f171a7cefd748f2fd03:
openvswitch: Fix flow mask validation. (2014-12-05 21:42:16 -0800)
are available in the git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec.git master
for you to fetch changes up to f855691975bb06373a98711e4cfe2c224244b536:
xfrm6: Fix the nexthdr offset in _decode_session6. (2014-12-08 07:56:18 +0100)
----------------------------------------------------------------
Steffen Klassert (2):
xfrm6: Fix transport header offset in _decode_session6.
xfrm6: Fix the nexthdr offset in _decode_session6.
net/ipv6/xfrm6_policy.c | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
* [PATCH 1/2] xfrm6: Fix transport header offset in _decode_session6.
From: Steffen Klassert @ 2015-01-26 7:48 UTC (permalink / raw)
To: David Miller; +Cc: Herbert Xu, Steffen Klassert, netdev
skb->transport_header might not be valid when we do a reverse
decode because the ipv6 tunnel error handlers don't update it
to the inner transport header. This leads to a wrong offset
calculation and to wrong layer 4 information. We fix this
by using the size of the ipv6 header as the first offset.
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
---
net/ipv6/xfrm6_policy.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/ipv6/xfrm6_policy.c b/net/ipv6/xfrm6_policy.c
index 5f98364..aa48302 100644
--- a/net/ipv6/xfrm6_policy.c
+++ b/net/ipv6/xfrm6_policy.c
@@ -130,8 +130,8 @@ _decode_session6(struct sk_buff *skb, struct flowi *fl, int reverse)
{
struct flowi6 *fl6 = &fl->u.ip6;
int onlyproto = 0;
- u16 offset = skb_network_header_len(skb);
const struct ipv6hdr *hdr = ipv6_hdr(skb);
+ u16 offset = sizeof(*hdr);
struct ipv6_opt_hdr *exthdr;
const unsigned char *nh = skb_network_header(skb);
u8 nexthdr = nh[IP6CB(skb)->nhoff];
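Review bot: the new initialiser `u16 offset = sizeof(*hdr);` carries no comment saying why skb_network_header_len(skb) must not be used here, and the reason (skb->transport_header can be stale on the reverse decode) exists only in the commit message. A one-line comment above the declaration would keep a later cleanup from switching it back. Note also that the fixed offset is applied regardless of the `reverse` argument, so the forward decode now stops relying on skb->transport_header too; if that is intended, the changelog should say so.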
--
1.9.1
* [PATCH 2/2] xfrm6: Fix the nexthdr offset in _decode_session6.
From: Steffen Klassert @ 2015-01-26 7:48 UTC (permalink / raw)
To: David Miller; +Cc: Herbert Xu, Steffen Klassert, netdev
xfrm_decode_session() was originally designed for the
usage in the receive path where the correct nexthdr offset
is stored in IP6CB(skb)->nhoff. Over time this function
spread to code that is used in the output path (netfilter,
vti) where IP6CB(skb)->nhoff is not set. As a result, we
get a wrong nexthdr and the upper layer flow information
is wrong. This can lead to incorrect policy lookups.
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
---
net/ipv6/xfrm6_policy.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/net/ipv6/xfrm6_policy.c b/net/ipv6/xfrm6_policy.c
index aa48302..48bf5a0 100644
--- a/net/ipv6/xfrm6_policy.c
+++ b/net/ipv6/xfrm6_policy.c
@@ -134,8 +134,14 @@ _decode_session6(struct sk_buff *skb, struct flowi *fl, int reverse)
u16 offset = sizeof(*hdr);
struct ipv6_opt_hdr *exthdr;
const unsigned char *nh = skb_network_header(skb);
- u8 nexthdr = nh[IP6CB(skb)->nhoff];
+ u16 nhoff = IP6CB(skb)->nhoff;
int oif = 0;
+ u8 nexthdr;
+
+ if (!nhoff)
+ nhoff = offsetof(struct ipv6hdr, nexthdr);
+
+ nexthdr = nh[nhoff];
if (skb_dst(skb))
oif = skb_dst(skb)->dev->ifindex;
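Review bot: the `if (!nhoff)` fallback treats a zero IP6CB(skb)->nhoff as "not set", which only holds when the control block was cleared before the output-path callers reach this function; that assumption is not documented anywhere in the hunk. Any non-zero value is then used directly in `nexthdr = nh[nhoff];` with no visible check that it lies inside the header data. Please add a comment stating when nhoff is expected to be zero, and consider validating nhoff before the read so that a leftover control-block value cannot select an arbitrary byte as the next header and feed it into the policy lookup.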
--
1.9.1
* Re: pull request (net): ipsec 2015-01-26
From: David Miller @ 2015-01-27 8:28 UTC (permalink / raw)
To: steffen.klassert; +Cc: herbert, netdev
From: Steffen Klassert <steffen.klassert@secunet.com>
Date: Mon, 26 Jan 2015 08:48:21 +0100
> Just two small fixes for _decode_session6() where we
> might decode to wrong header information in some rare
> situations.
>
> Please pull or let me know if there are problems.
Pulled, thanks a lot Steffen.