From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Guillaume Nault <gnault@redhat.com>,
Jakub Kicinski <kuba@kernel.org>
Subject: [PATCH 4.19 51/58] udp: mask TOS bits in udp_v4_early_demux()
Date: Mon, 25 Jan 2021 19:39:52 +0100 [thread overview]
Message-ID: <20210125183158.900130769@linuxfoundation.org> (raw)
In-Reply-To: <20210125183156.702907356@linuxfoundation.org>
From: Guillaume Nault <gnault@redhat.com>
commit 8d2b51b008c25240914984208b2ced57d1dd25a5 upstream.
udp_v4_early_demux() is the only function that calls
ip_mc_validate_source() with a TOS that hasn't been masked with
IPTOS_RT_MASK.
This results in different behaviours for incoming multicast UDPv4
packets, depending on if ip_mc_validate_source() is called from the
early-demux path (udp_v4_early_demux) or from the regular input path
(ip_route_input_noref).
ECN would normally not be used with UDP multicast packets, so the
practical consequences should be limited on that side. However,
IPTOS_RT_MASK is used to also masks the TOS' high order bits, to align
with the non-early-demux path behaviour.
Reproducer:
Setup two netns, connected with veth:
$ ip netns add ns0
$ ip netns add ns1
$ ip -netns ns0 link set dev lo up
$ ip -netns ns1 link set dev lo up
$ ip link add name veth01 netns ns0 type veth peer name veth10 netns ns1
$ ip -netns ns0 link set dev veth01 up
$ ip -netns ns1 link set dev veth10 up
$ ip -netns ns0 address add 192.0.2.10 peer 192.0.2.11/32 dev veth01
$ ip -netns ns1 address add 192.0.2.11 peer 192.0.2.10/32 dev veth10
In ns0, add route to multicast address 224.0.2.0/24 using source
address 198.51.100.10:
$ ip -netns ns0 address add 198.51.100.10/32 dev lo
$ ip -netns ns0 route add 224.0.2.0/24 dev veth01 src 198.51.100.10
In ns1, define route to 198.51.100.10, only for packets with TOS 4:
$ ip -netns ns1 route add 198.51.100.10/32 tos 4 dev veth10
Also activate rp_filter in ns1, so that incoming packets not matching
the above route get dropped:
$ ip netns exec ns1 sysctl -wq net.ipv4.conf.veth10.rp_filter=1
Now try to receive packets on 224.0.2.11:
$ ip netns exec ns1 socat UDP-RECVFROM:1111,ip-add-membership=224.0.2.11:veth10,ignoreeof -
In ns0, send packet to 224.0.2.11 with TOS 4 and ECT(0) (that is,
tos 6 for socat):
$ echo test0 | ip netns exec ns0 socat - UDP-DATAGRAM:224.0.2.11:1111,bind=:1111,tos=6
The "test0" message is properly received by socat in ns1, because
early-demux has no cached dst to use, so source address validation
is done by ip_route_input_mc(), which receives a TOS that has the
ECN bits masked.
Now send another packet to 224.0.2.11, still with TOS 4 and ECT(0):
$ echo test1 | ip netns exec ns0 socat - UDP-DATAGRAM:224.0.2.11:1111,bind=:1111,tos=6
The "test1" message isn't received by socat in ns1, because, now,
early-demux has a cached dst to use and calls ip_mc_validate_source()
immediately, without masking the ECN bits.
Fixes: bc044e8db796 ("udp: perform source validation for mcast early demux")
Signed-off-by: Guillaume Nault <gnault@redhat.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/ipv4/udp.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/net/ipv4/udp.c
+++ b/net/ipv4/udp.c
@@ -2416,7 +2416,8 @@ int udp_v4_early_demux(struct sk_buff *s
*/
if (!inet_sk(sk)->inet_daddr && in_dev)
return ip_mc_validate_source(skb, iph->daddr,
- iph->saddr, iph->tos,
+ iph->saddr,
+ iph->tos & IPTOS_RT_MASK,
skb->dev, in_dev, &itag);
}
return 0;
next prev parent reply other threads:[~2021-01-25 18:49 UTC|newest]
Thread overview: 70+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-01-25 18:39 [PATCH 4.19 00/58] 4.19.171-rc1 review Greg Kroah-Hartman
2021-01-25 18:39 ` [PATCH 4.19 01/58] i2c: bpmp-tegra: Ignore unknown I2C_M flags Greg Kroah-Hartman
2021-01-25 18:39 ` [PATCH 4.19 02/58] ALSA: seq: oss: Fix missing error check in snd_seq_oss_synth_make_info() Greg Kroah-Hartman
2021-01-25 18:39 ` [PATCH 4.19 03/58] ALSA: hda/via: Add minimum mute flag Greg Kroah-Hartman
2021-01-25 18:39 ` [PATCH 4.19 04/58] ACPI: scan: Make acpi_bus_get_device() clear return pointer on error Greg Kroah-Hartman
2021-01-25 18:39 ` [PATCH 4.19 05/58] btrfs: fix lockdep splat in btrfs_recover_relocation Greg Kroah-Hartman
2021-01-25 18:39 ` [PATCH 4.19 06/58] mmc: core: dont initialize block size from ext_csd if not present Greg Kroah-Hartman
2021-01-25 18:39 ` [PATCH 4.19 07/58] mmc: sdhci-xenon: fix 1.8v regulator stabilization Greg Kroah-Hartman
2021-01-25 18:39 ` [PATCH 4.19 08/58] dm: avoid filesystem lookup in dm_get_dev_t() Greg Kroah-Hartman
2021-01-25 18:39 ` [PATCH 4.19 09/58] dm integrity: fix a crash if "recalculate" used without "internal_hash" Greg Kroah-Hartman
2021-01-25 18:39 ` [PATCH 4.19 10/58] drm/atomic: put state on error path Greg Kroah-Hartman
2021-01-25 18:39 ` [PATCH 4.19 11/58] ASoC: Intel: haswell: Add missing pm_ops Greg Kroah-Hartman
2021-01-25 18:39 ` [PATCH 4.19 12/58] dm integrity: select CRYPTO_SKCIPHER Greg Kroah-Hartman
2021-01-25 18:58 ` Pavel Machek
2021-01-25 19:14 ` Anthony Iliopoulos
2021-01-26 8:47 ` Greg Kroah-Hartman
2021-01-25 18:39 ` [PATCH 4.19 13/58] scsi: ufs: Correct the LUN used in eh_device_reset_handler() callback Greg Kroah-Hartman
2021-01-25 18:39 ` [PATCH 4.19 14/58] scsi: qedi: Correct max length of CHAP secret Greg Kroah-Hartman
2021-01-25 18:39 ` [PATCH 4.19 15/58] riscv: Fix kernel time_init() Greg Kroah-Hartman
2021-01-25 18:39 ` [PATCH 4.19 16/58] HID: Ignore battery for Elan touchscreen on ASUS UX550 Greg Kroah-Hartman
2021-01-25 18:39 ` [PATCH 4.19 17/58] clk: tegra30: Add hda clock default rates to clock driver Greg Kroah-Hartman
2021-01-25 18:39 ` [PATCH 4.19 18/58] xen: Fix event channel callback via INTX/GSI Greg Kroah-Hartman
2021-01-25 18:39 ` [PATCH 4.19 19/58] drm/nouveau/bios: fix issue shadowing expansion ROMs Greg Kroah-Hartman
2021-01-25 18:39 ` [PATCH 4.19 20/58] drm/nouveau/privring: ack interrupts the same way as RM Greg Kroah-Hartman
2021-01-25 18:39 ` [PATCH 4.19 21/58] drm/nouveau/i2c/gm200: increase width of aux semaphore owner fields Greg Kroah-Hartman
2021-01-25 18:39 ` [PATCH 4.19 22/58] drm/nouveau/mmu: fix vram heap sizing Greg Kroah-Hartman
2021-01-25 18:39 ` [PATCH 4.19 23/58] drm/nouveau/kms/nv50-: fix case where notifier buffer is at offset 0 Greg Kroah-Hartman
2021-01-25 18:39 ` [PATCH 4.19 24/58] scsi: megaraid_sas: Fix MEGASAS_IOC_FIRMWARE regression Greg Kroah-Hartman
2021-01-25 18:39 ` [PATCH 4.19 25/58] i2c: octeon: check correct size of maximum RECV_LEN packet Greg Kroah-Hartman
2021-01-25 18:39 ` [PATCH 4.19 26/58] platform/x86: intel-vbtn: Drop HP Stream x360 Convertible PC 11 from allow-list Greg Kroah-Hartman
2021-01-25 18:39 ` [PATCH 4.19 27/58] selftests: net: fib_tests: remove duplicate log test Greg Kroah-Hartman
2021-01-25 18:39 ` [PATCH 4.19 28/58] can: dev: can_restart: fix use after free bug Greg Kroah-Hartman
2021-01-25 18:39 ` [PATCH 4.19 29/58] can: vxcan: vxcan_xmit: " Greg Kroah-Hartman
2021-01-25 18:39 ` [PATCH 4.19 30/58] can: peak_usb: fix use after free bugs Greg Kroah-Hartman
2021-01-25 18:39 ` [PATCH 4.19 31/58] iio: ad5504: Fix setting power-down state Greg Kroah-Hartman
2021-01-25 18:39 ` [PATCH 4.19 32/58] irqchip/mips-cpu: Set IPI domain parent chip Greg Kroah-Hartman
2021-01-25 18:39 ` [PATCH 4.19 33/58] intel_th: pci: Add Alder Lake-P support Greg Kroah-Hartman
2021-01-25 18:39 ` [PATCH 4.19 34/58] stm class: Fix module init return on allocation failure Greg Kroah-Hartman
2021-01-25 18:39 ` [PATCH 4.19 35/58] serial: mvebu-uart: fix tx lost characters at power off Greg Kroah-Hartman
2021-01-25 18:39 ` [PATCH 4.19 36/58] ehci: fix EHCI host controller initialization sequence Greg Kroah-Hartman
2021-01-25 18:39 ` [PATCH 4.19 37/58] USB: ehci: fix an interrupt calltrace error Greg Kroah-Hartman
2021-01-25 18:39 ` [PATCH 4.19 38/58] usb: gadget: aspeed: fix stop dma register setting Greg Kroah-Hartman
2021-01-25 18:39 ` [PATCH 4.19 39/58] usb: udc: core: Use lock when write to soft_connect Greg Kroah-Hartman
2021-01-25 18:39 ` [PATCH 4.19 40/58] usb: bdc: Make bdc pci driver depend on BROKEN Greg Kroah-Hartman
2021-01-25 18:39 ` [PATCH 4.19 41/58] xhci: make sure TRB is fully written before giving it to the controller Greg Kroah-Hartman
2021-01-25 18:39 ` [PATCH 4.19 42/58] xhci: tegra: Delay for disabling LFPS detector Greg Kroah-Hartman
2021-01-25 18:39 ` [PATCH 4.19 43/58] driver core: Extend device_is_dependent() Greg Kroah-Hartman
2021-01-25 18:39 ` [PATCH 4.19 44/58] netfilter: rpfilter: mask ecn bits before fib lookup Greg Kroah-Hartman
2021-01-25 18:39 ` [PATCH 4.19 45/58] sh: dma: fix kconfig dependency for G2_DMA Greg Kroah-Hartman
2021-01-25 18:39 ` [PATCH 4.19 46/58] net: dsa: mv88e6xxx: also read STU state in mv88e6250_g1_vtu_getnext Greg Kroah-Hartman
2021-01-25 19:40 ` Rasmus Villemoes
2021-01-25 19:59 ` Rasmus Villemoes
2021-01-26 8:50 ` Greg Kroah-Hartman
2021-01-26 9:52 ` Rasmus Villemoes
2021-01-25 18:39 ` [PATCH 4.19 47/58] sh_eth: Fix power down vs. is_opened flag ordering Greg Kroah-Hartman
2021-01-25 18:39 ` [PATCH 4.19 48/58] skbuff: back tiny skbs with kmalloc() in __netdev_alloc_skb() too Greg Kroah-Hartman
2021-01-25 18:39 ` [PATCH 4.19 49/58] kasan: fix unaligned address is unhandled in kasan_remove_zero_shadow Greg Kroah-Hartman
2021-01-25 18:39 ` [PATCH 4.19 50/58] kasan: fix incorrect arguments passing in kasan_add_zero_shadow Greg Kroah-Hartman
2021-01-25 18:39 ` Greg Kroah-Hartman [this message]
2021-01-25 18:39 ` [PATCH 4.19 52/58] ipv6: create multicast route with RTPROT_KERNEL Greg Kroah-Hartman
2021-01-25 18:39 ` [PATCH 4.19 53/58] net_sched: avoid shift-out-of-bounds in tcindex_set_parms() Greg Kroah-Hartman
2021-01-25 18:39 ` [PATCH 4.19 54/58] net_sched: reject silly cell_log in qdisc_get_rtab() Greg Kroah-Hartman
2021-01-25 18:39 ` [PATCH 4.19 55/58] ipv6: set multicast flag on the multicast route Greg Kroah-Hartman
2021-01-25 18:39 ` [PATCH 4.19 56/58] net: mscc: ocelot: allow offloading of bridge on top of LAG Greg Kroah-Hartman
2021-01-25 18:39 ` [PATCH 4.19 57/58] net: Disable NETIF_F_HW_TLS_RX when RXCSUM is disabled Greg Kroah-Hartman
2021-01-25 18:39 ` [PATCH 4.19 58/58] net: dsa: b53: fix an off by one in checking "vlan->vid" Greg Kroah-Hartman
2021-01-25 20:47 ` [PATCH 4.19 00/58] 4.19.171-rc1 review Pavel Machek
2021-01-26 8:11 ` Naresh Kamboju
2021-01-26 19:27 ` Guenter Roeck
2021-01-26 23:38 ` Shuah Khan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210125183158.900130769@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=gnault@redhat.com \
--cc=kuba@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).