netdev.vger.kernel.org archive mirror
* [PATCH] sit: Fix ipip6_tunnel_lookup device matching criteria
@ 2014-08-14  9:32 Shmulik Ladkani
  2014-08-14 10:17 ` Nicolas Dichtel
  2014-08-14 12:08 ` [PATCH] " Sergei Shtylyov
  0 siblings, 2 replies; 5+ messages in thread
From: Shmulik Ladkani @ 2014-08-14  9:32 UTC
  To: David S. Miller, netdev; +Cc: Sascha Hlusiak, Shmulik Ladkani

As of 4fddbf5d78, when looking up a tunnel, tunnel's underlying
interface (t->parms.link) is verified to match incoming traffic's
ingress device.

However the comparison was incorrectly based on skb->dev->iflink.

Instead, dev->ifindex should be used, which correctly represents the
interface from which the IP stack hands the ipip6 packets.

This allows setting up sit tunnels bound to vlan interfaces (otherwise
incoming ipip6 traffic on the vlan interface was dropped due to
ipip6_tunnel_lookup match failure).

Signed-off-by: Shmulik Ladkani <shmulik.ladkani@gmail.com>
---
 net/ipv6/sit.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/net/ipv6/sit.c b/net/ipv6/sit.c
index 2e9ba035fb..6163f851dc 100644
--- a/net/ipv6/sit.c
+++ b/net/ipv6/sit.c
@@ -101,19 +101,19 @@ static struct ip_tunnel *ipip6_tunnel_lookup(struct net *net,
 	for_each_ip_tunnel_rcu(t, sitn->tunnels_r_l[h0 ^ h1]) {
 		if (local == t->parms.iph.saddr &&
 		    remote == t->parms.iph.daddr &&
-		    (!dev || !t->parms.link || dev->iflink == t->parms.link) &&
+		    (!dev || !t->parms.link || dev->ifindex == t->parms.link) &&
 		    (t->dev->flags & IFF_UP))
 			return t;
 	}
 	for_each_ip_tunnel_rcu(t, sitn->tunnels_r[h0]) {
 		if (remote == t->parms.iph.daddr &&
-		    (!dev || !t->parms.link || dev->iflink == t->parms.link) &&
+		    (!dev || !t->parms.link || dev->ifindex == t->parms.link) &&
 		    (t->dev->flags & IFF_UP))
 			return t;
 	}
 	for_each_ip_tunnel_rcu(t, sitn->tunnels_l[h1]) {
 		if (local == t->parms.iph.saddr &&
-		    (!dev || !t->parms.link || dev->iflink == t->parms.link) &&
+		    (!dev || !t->parms.link || dev->ifindex == t->parms.link) &&
 		    (t->dev->flags & IFF_UP))
 			return t;
 	}
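Review bot: The three replaced conditions now compare dev->ifindex against t->parms.link, but the changelog only describes the case this fixes (a tunnel bound to a vlan interface) and is silent on setups that depended on the old iflink comparison. For a stacked device such as a vlan, iflink refers to the lower device, so a tunnel whose link is the lower device would have matched packets that ingressed through the vlan on top of it, and will not match in these three loops after the change. Since this condition is the ingress restriction introduced by 4fddbf5d78, please state in the commit message that this narrowing is intended.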
-- 
1.9.0


* Re: [PATCH] sit: Fix ipip6_tunnel_lookup device matching criteria
  2014-08-14  9:32 [PATCH] sit: Fix ipip6_tunnel_lookup device matching criteria Shmulik Ladkani
@ 2014-08-14 10:17 ` Nicolas Dichtel
  2014-08-14 10:49   ` [PATCH v2] " Shmulik Ladkani
  2014-08-14 12:08 ` [PATCH] " Sergei Shtylyov
  1 sibling, 1 reply; 5+ messages in thread
From: Nicolas Dichtel @ 2014-08-14 10:17 UTC
  To: Shmulik Ladkani, David S. Miller, netdev; +Cc: Sascha Hlusiak

On 14/08/2014 11:32, Shmulik Ladkani wrote:
> As of 4fddbf5d78, when looking up a tunnel, tunnel's underlying
Please, put also the subject of the commit like this:
4fddbf5d7854 ("sit: strictly restrict incoming traffic to tunnel link device")

> interface (t->parms.link) is verified to match incoming traffic's
> ingress device.
>
> However the comparison was incorrectly based on skb->dev->iflink.
>
> Instead, dev->ifindex should be used, which correctly represents the
> interface from which the IP stack hands the ipip6 packets.
>
> This allows setting up sit tunnels bound to vlan interfaces (otherwise
> incoming ipip6 traffic on the vlan interface was dropped due to
> ipip6_tunnel_lookup match failure).
>
> Signed-off-by: Shmulik Ladkani <shmulik.ladkani@gmail.com>
Acked-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>


* [PATCH v2] sit: Fix ipip6_tunnel_lookup device matching criteria
  2014-08-14 10:17 ` Nicolas Dichtel
@ 2014-08-14 10:49   ` Shmulik Ladkani
  2014-08-14 12:03     ` Nicolas Dichtel
  0 siblings, 1 reply; 5+ messages in thread
From: Shmulik Ladkani @ 2014-08-14 10:49 UTC
  To: David S. Miller, netdev; +Cc: Sascha Hlusiak, Nicolas Dichtel, Shmulik Ladkani

As of 4fddbf5d78 ("sit: strictly restrict incoming traffic to tunnel
link device"), when looking up a tunnel, tunnel's underlying
interface (t->parms.link) is verified to match incoming traffic's
ingress device.

However the comparison was incorrectly based on skb->dev->iflink.

Instead, dev->ifindex should be used, which correctly represents the
interface from which the IP stack hands the ipip6 packets.

This allows setting up sit tunnels bound to vlan interfaces (otherwise
incoming ipip6 traffic on the vlan interface was dropped due to
ipip6_tunnel_lookup match failure).

Signed-off-by: Shmulik Ladkani <shmulik.ladkani@gmail.com>
---
 net/ipv6/sit.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/net/ipv6/sit.c b/net/ipv6/sit.c
index 2e9ba035fb..6163f851dc 100644
--- a/net/ipv6/sit.c
+++ b/net/ipv6/sit.c
@@ -101,19 +101,19 @@ static struct ip_tunnel *ipip6_tunnel_lookup(struct net *net,
 	for_each_ip_tunnel_rcu(t, sitn->tunnels_r_l[h0 ^ h1]) {
 		if (local == t->parms.iph.saddr &&
 		    remote == t->parms.iph.daddr &&
-		    (!dev || !t->parms.link || dev->iflink == t->parms.link) &&
+		    (!dev || !t->parms.link || dev->ifindex == t->parms.link) &&
 		    (t->dev->flags & IFF_UP))
 			return t;
 	}
 	for_each_ip_tunnel_rcu(t, sitn->tunnels_r[h0]) {
 		if (remote == t->parms.iph.daddr &&
-		    (!dev || !t->parms.link || dev->iflink == t->parms.link) &&
+		    (!dev || !t->parms.link || dev->ifindex == t->parms.link) &&
 		    (t->dev->flags & IFF_UP))
 			return t;
 	}
 	for_each_ip_tunnel_rcu(t, sitn->tunnels_l[h1]) {
 		if (local == t->parms.iph.saddr &&
-		    (!dev || !t->parms.link || dev->iflink == t->parms.link) &&
+		    (!dev || !t->parms.link || dev->ifindex == t->parms.link) &&
 		    (t->dev->flags & IFF_UP))
 			return t;
 	}
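Review bot: The device-match condition is still written out three times, once in each for_each_ip_tunnel_rcu loop, so this fix had to touch three identical lines. Consider factoring `(!dev || !t->parms.link || dev->ifindex == t->parms.link)` into a small static helper, so that the ingress restriction from 4fddbf5d78 lives in one place and a later change cannot leave one of the loops out of sync with the others.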
-- 
1.9.0


* Re: [PATCH v2] sit: Fix ipip6_tunnel_lookup device matching criteria
  2014-08-14 10:49   ` [PATCH v2] " Shmulik Ladkani
@ 2014-08-14 12:03     ` Nicolas Dichtel
  0 siblings, 0 replies; 5+ messages in thread
From: Nicolas Dichtel @ 2014-08-14 12:03 UTC
  To: Shmulik Ladkani, David S. Miller, netdev; +Cc: Sascha Hlusiak

On 14/08/2014 12:49, Shmulik Ladkani wrote:
> As of 4fddbf5d78 ("sit: strictly restrict incoming traffic to tunnel
> link device"), when looking up a tunnel, tunnel's underlying
Nitpicking, but David always asks to not split subject in two lines, even
if it's more than 80 columns.


* Re: [PATCH] sit: Fix ipip6_tunnel_lookup device matching criteria
  2014-08-14  9:32 [PATCH] sit: Fix ipip6_tunnel_lookup device matching criteria Shmulik Ladkani
  2014-08-14 10:17 ` Nicolas Dichtel
@ 2014-08-14 12:08 ` Sergei Shtylyov
  1 sibling, 0 replies; 5+ messages in thread
From: Sergei Shtylyov @ 2014-08-14 12:08 UTC
  To: Shmulik Ladkani, David S. Miller, netdev; +Cc: Sascha Hlusiak

Hello.

On 8/14/2014 1:32 PM, Shmulik Ladkani wrote:

> As of 4fddbf5d78, when looking up a tunnel, tunnel's underlying

    Please also specify that commit's summary line in parens.

> interface (t->parms.link) is verified to match incoming traffic's
> ingress device.

> However the comparison was incorrectly based on skb->dev->iflink.

> Instead, dev->ifindex should be used, which correctly represents the
> interface from which the IP stack hands the ipip6 packets.

> This allows setting up sit tunnels bound to vlan interfaces (otherwise
> incoming ipip6 traffic on the vlan interface was dropped due to
> ipip6_tunnel_lookup match failure).

> Signed-off-by: Shmulik Ladkani <shmulik.ladkani@gmail.com>

WBR, Sergei
