[PATCH net 0/3] ipv6: Return an error when adding an already existing tunnel

netdev.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* [PATCH net 0/3] ipv6: Return an error when adding an already existing tunnel
@ 2014-09-22  8:07 Steffen Klassert
  2014-09-22  8:07 ` [PATCH net 1/3] ip6_tunnel: Return an error when adding an " Steffen Klassert
                   ` (3 more replies)
  0 siblings, 4 replies; 5+ messages in thread
From: Steffen Klassert @ 2014-09-22  8:07 UTC (permalink / raw)
  To: David Miller; +Cc: Steffen Klassert, netdev

The ipv6 tunnel locate functions should not return an existing
tunnel if create is true. Otherwise it is possible to add the
same tunnel multiple times without getting an error.

All our ipv6 tunnels have this bug from the very beginning.
Only the sit tunnel was fixed some years ago with:

commit 8db99e57175 ("sit: Fail to create tunnel, if it already exists").

This patchset fixes the remaining ipv6 tunnels.

^ permalink raw reply	[flat|nested] 5+ messages in thread

* [PATCH net 1/3] ip6_tunnel: Return an error when adding an existing tunnel.
  2014-09-22  8:07 [PATCH net 0/3] ipv6: Return an error when adding an already existing tunnel Steffen Klassert
@ 2014-09-22  8:07 ` Steffen Klassert
  2014-09-22  8:07 ` [PATCH net 2/3] ip6_vti: " Steffen Klassert
                   ` (2 subsequent siblings)
  3 siblings, 0 replies; 5+ messages in thread
From: Steffen Klassert @ 2014-09-22  8:07 UTC (permalink / raw)
  To: David Miller; +Cc: Steffen Klassert, netdev

ip6_tnl_locate() should not return an existing tunnel if
create is true. Otherwise it is possible to add the same
tunnel multiple times without getting an error.

So return NULL if the tunnel that should be created already
exists.

Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
---
 net/ipv6/ip6_tunnel.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/net/ipv6/ip6_tunnel.c b/net/ipv6/ip6_tunnel.c
index f9de5a6..69a84b4 100644
--- a/net/ipv6/ip6_tunnel.c
+++ b/net/ipv6/ip6_tunnel.c
@@ -364,8 +364,12 @@ static struct ip6_tnl *ip6_tnl_locate(struct net *net,
 	     (t = rtnl_dereference(*tp)) != NULL;
 	     tp = &t->next) {
 		if (ipv6_addr_equal(local, &t->parms.laddr) &&
-		    ipv6_addr_equal(remote, &t->parms.raddr))
+		    ipv6_addr_equal(remote, &t->parms.raddr)) {
+			if (create)
+				return NULL;
+
 			return t;
+		}
 	}
 	if (!create)
 		return NULL;
-- 
1.9.1

^ permalink raw reply related	[flat|nested] 5+ messages in thread

* [PATCH net 2/3] ip6_vti: Return an error when adding an existing tunnel.
  2014-09-22  8:07 [PATCH net 0/3] ipv6: Return an error when adding an already existing tunnel Steffen Klassert
  2014-09-22  8:07 ` [PATCH net 1/3] ip6_tunnel: Return an error when adding an " Steffen Klassert
@ 2014-09-22  8:07 ` Steffen Klassert
  2014-09-22  8:07 ` [PATCH net 3/3] ip6_gre: " Steffen Klassert
  2014-09-26  4:44 ` [PATCH net 0/3] ipv6: Return an error when adding an already " David Miller
  3 siblings, 0 replies; 5+ messages in thread
From: Steffen Klassert @ 2014-09-22  8:07 UTC (permalink / raw)
  To: David Miller; +Cc: Steffen Klassert, netdev

vti6_locate() should not return an existing tunnel if
create is true. Otherwise it is possible to add the same
tunnel multiple times without getting an error.

So return NULL if the tunnel that should be created already
exists.

Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
---
 net/ipv6/ip6_vti.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/net/ipv6/ip6_vti.c b/net/ipv6/ip6_vti.c
index 7f52fd9..5833a22 100644
--- a/net/ipv6/ip6_vti.c
+++ b/net/ipv6/ip6_vti.c
@@ -253,8 +253,12 @@ static struct ip6_tnl *vti6_locate(struct net *net, struct __ip6_tnl_parm *p,
 	     (t = rtnl_dereference(*tp)) != NULL;
 	     tp = &t->next) {
 		if (ipv6_addr_equal(local, &t->parms.laddr) &&
-		    ipv6_addr_equal(remote, &t->parms.raddr))
+		    ipv6_addr_equal(remote, &t->parms.raddr)) {
+			if (create)
+				return NULL;
+
 			return t;
+		}
 	}
 	if (!create)
 		return NULL;
-- 
1.9.1

^ permalink raw reply related	[flat|nested] 5+ messages in thread

* [PATCH net 3/3] ip6_gre: Return an error when adding an existing tunnel.
  2014-09-22  8:07 [PATCH net 0/3] ipv6: Return an error when adding an already existing tunnel Steffen Klassert
  2014-09-22  8:07 ` [PATCH net 1/3] ip6_tunnel: Return an error when adding an " Steffen Klassert
  2014-09-22  8:07 ` [PATCH net 2/3] ip6_vti: " Steffen Klassert
@ 2014-09-22  8:07 ` Steffen Klassert
  2014-09-26  4:44 ` [PATCH net 0/3] ipv6: Return an error when adding an already " David Miller
  3 siblings, 0 replies; 5+ messages in thread
From: Steffen Klassert @ 2014-09-22  8:07 UTC (permalink / raw)
  To: David Miller; +Cc: Steffen Klassert, netdev

ip6gre_tunnel_locate() should not return an existing tunnel if
create is true. Otherwise it is possible to add the same
tunnel multiple times without getting an error.

So return NULL if the tunnel that should be created already
exists.

Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
---
 net/ipv6/ip6_gre.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/net/ipv6/ip6_gre.c b/net/ipv6/ip6_gre.c
index 5f19dfb..2e5a882 100644
--- a/net/ipv6/ip6_gre.c
+++ b/net/ipv6/ip6_gre.c
@@ -314,6 +314,8 @@ static struct ip6_tnl *ip6gre_tunnel_locate(struct net *net,
 	struct ip6gre_net *ign = net_generic(net, ip6gre_net_id);
 
 	t = ip6gre_tunnel_find(net, parms, ARPHRD_IP6GRE);
+	if (t && create)
+		return NULL;
 	if (t || !create)
 		return t;
 
-- 
1.9.1

^ permalink raw reply related	[flat|nested] 5+ messages in thread

* Re: [PATCH net 0/3] ipv6: Return an error when adding an already existing tunnel
  2014-09-22  8:07 [PATCH net 0/3] ipv6: Return an error when adding an already existing tunnel Steffen Klassert
                   ` (2 preceding siblings ...)
  2014-09-22  8:07 ` [PATCH net 3/3] ip6_gre: " Steffen Klassert
@ 2014-09-26  4:44 ` David Miller
  3 siblings, 0 replies; 5+ messages in thread
From: David Miller @ 2014-09-26  4:44 UTC (permalink / raw)
  To: steffen.klassert; +Cc: netdev

From: Steffen Klassert <steffen.klassert@secunet.com>
Date: Mon, 22 Sep 2014 10:07:23 +0200

> The ipv6 tunnel locate functions should not return an existing
> tunnel if create is true. Otherwise it is possible to add the
> same tunnel multiple times without getting an error.
> 
> All our ipv6 tunnels have this bug from the very beginning.
> Only the sit tunnel was fixed some years ago with:
> 
> commit 8db99e57175 ("sit: Fail to create tunnel, if it already exists").
> 
> This patchset fixes the remaining ipv6 tunnels.

Series applied and queued up for -stable, thanks.

^ permalink raw reply	[flat|nested] 5+ messages in thread

end of thread, other threads:[~2014-09-26  4:44 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2014-09-22  8:07 [PATCH net 0/3] ipv6: Return an error when adding an already existing tunnel Steffen Klassert
2014-09-22  8:07 ` [PATCH net 1/3] ip6_tunnel: Return an error when adding an " Steffen Klassert
2014-09-22  8:07 ` [PATCH net 2/3] ip6_vti: " Steffen Klassert
2014-09-22  8:07 ` [PATCH net 3/3] ip6_gre: " Steffen Klassert
2014-09-26  4:44 ` [PATCH net 0/3] ipv6: Return an error when adding an already " David Miller

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).