Message ID | 1370406254-6341-1-git-send-email-stephen@networkplumber.org |
---|---|
State | Changes Requested, archived |
Delegated to: | David Miller |
On Wed, 05 Jun 2013 at 04:24 GMT, Stephen Hemminger <stephen@networkplumber.org> wrote:
> Only migrate dynamic forwarding table entries, don't modify
> static entries. If packet received from incorrect source IP address
> assume it is an imposter and drop it.
>
> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
>

Nitpick: return bool instead of int

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html

Stephen, please resolve Cong Wang's crashes and then take care of the
"return bool" and typo nitpicks while you're at it, and I'll apply
this series; it looks good otherwise.

Thanks!

diff --git a/drivers/net/vxlan.c b/drivers/net/vxlan.c index 8111565..536082a 100644 --- a/drivers/net/vxlan.c +++ b/drivers/net/vxlan.c @@ -604,8 +604,8 @@ skip: /* Watch incoming packets to learn mapping between Ethernet address * and Tunnel endpoint. */ -static void vxlan_snoop(struct net_device *dev, - __be32 src_ip, const u8 *src_mac) +static int vxlan_snoop(struct net_device *dev, + __be32 src_ip, const u8 *src_mac) { struct vxlan_dev *vxlan = netdev_priv(dev); struct vxlan_fdb *f; @@ -614,7 +614,11 @@ static void vxlan_snoop(struct net_device *dev, f = vxlan_find_mac(vxlan, src_mac); if (likely(f)) { if (likely(f->remote.remote_ip == src_ip)) - return; + return 0; + + /* Don't migrate static entries, drop packets */ + if (!(f->flags & NTF_SELF)) + return 1; if (net_ratelimit()) netdev_info(dev, @@ -634,6 +638,8 @@ static void vxlan_snoop(struct net_device *dev, 0, NTF_SELF); spin_unlock(&vxlan->hash_lock); } + + return 0; } @@ -766,8 +772,9 @@ static int vxlan_udp_encap_recv(struct sock *sk, struct sk_buff *skb) vxlan->dev->dev_addr) == 0) goto drop; - if (vxlan->flags & VXLAN_F_LEARN) - vxlan_snoop(skb->dev, oip->saddr, eth_hdr(skb)->h_source); + if ((vxlan->flags & VXLAN_F_LEARN) && + vxlan_snoop(skb->dev, oip->saddr, eth_hdr(skb)->h_source)) + goto drop; __skb_tunnel_rx(skb, vxlan->dev); skb_reset_network_header(skb);
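
Review bot: In the first hunk, vxlan_snoop() goes from void to int but only ever returns 0 or 1 as an accept/drop decision, so bool with true/false would state the contract directly, as the reply above already asks. The comment block above the function still only says it learns the Ethernet-address-to-endpoint mapping; add a sentence saying that a true return tells the caller to drop the packet.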
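
Review bot: In the second hunk (@@ -614), the new comment speaks of static entries but the test is "!(f->flags & NTF_SELF)", which only works if NTF_SELF is set on learned entries and never on configured ones. The learning path in the following context does pass "0, NTF_SELF", but nothing in the visible lines shows that a statically added entry cannot carry the same flag, in which case it would still be migrated. If the entry records its state, testing that for a static value would match the comment and the changelog more directly. The "return 1" path is also silent, while the migration path just below it logs under net_ratelimit(); a rate-limited message or a drop counter here would let an operator see source-address mismatches against static entries.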
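
Review bot: In the vxlan_udp_encap_recv() hunk (@@ -766), the drop for a mismatched source only happens when VXLAN_F_LEARN is set, because vxlan_snoop() is called behind that flag test. The changelog reads as if a packet from the wrong source IP is always dropped; either state there that the check depends on learning being enabled, or perform the static-entry comparison independently of the flag so that a device with learning turned off gets the same protection. Calling a function that updates the forwarding table from inside the if condition also hides the side effect; assigning the result to a local first would make the drop decision easier to read.
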
Only migrate dynamic forwarding table entries, don't modify
static entries. If packet received from incorrect source IP address
assume it is an imposter and drop it.

Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
---
Should go to -stable as well.
---
 drivers/net/vxlan.c | 17 ++++++++++++-----
 1 file changed, 12 insertions(+), 5 deletions(-)