[v2] ip_forward: Drop frames with attached skb->sk

Message ID	1429514360.7091.9.camel@googlemail.com
State	Accepted, archived
Delegated to:	David Miller
Headers	show Return-Path: <netdev-owner@vger.kernel.org> From: Sebastian Poehn <sebastian.poehn@gmail.com> Message-ID: <1429514360.7091.9.camel@googlemail.com> Subject: [PATCH v2] ip_forward: Drop frames with attached skb->sk To: netdev@vger.kernel.org Date: Mon, 20 Apr 2015 09:19:20 +0200 Content-Type: text/plain; charset="UTF-8" Mime-Version: 1.0 Content-Transfer-Encoding: 7bit Sender: netdev-owner@vger.kernel.org Precedence: bulk

Message ID

1429514360.7091.9.camel@googlemail.com

State

Accepted, archived

Delegated to:

David Miller

Headers

From: Sebastian Poehn <sebastian.poehn@gmail.com>
Message-ID: <1429514360.7091.9.camel@googlemail.com>
Subject: [PATCH v2] ip_forward: Drop frames with attached skb->sk
To: netdev@vger.kernel.org
Date: Mon, 20 Apr 2015 09:19:20 +0200
Content-Type: text/plain; charset="UTF-8"
Mime-Version: 1.0
Content-Transfer-Encoding: 7bit
Sender: netdev-owner@vger.kernel.org
Precedence: bulk

Commit Message

Sebastian =?ISO-8859-1?Q?P=F6hn?= April 20, 2015, 7:19 a.m. UTC

Initial discussion was:
[FYI] xfrm: Don't lookup sk_policy for timewait sockets

Forwarded frames should not have a socket attached. Especially
tw sockets will lead to panics later-on in the stack.

This was observed with TPROXY assigning a tw socket and broken
policy routing (misconfigured). As a result frame enters
forwarding path instead of input. We cannot solve this in
TPROXY as it cannot know that policy routing is broken.

v2:
Remove useless comment

Signed-off-by: Sebastian Poehn <sebastian.poehn@gmail.com>
---
--

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Comments

David Miller April 20, 2015, 6:08 p.m. UTC | #1

From: Sebastian Poehn <sebastian.poehn@gmail.com>
Date: Mon, 20 Apr 2015 09:19:20 +0200

> Initial discussion was:
> [FYI] xfrm: Don't lookup sk_policy for timewait sockets
> 
> Forwarded frames should not have a socket attached. Especially
> tw sockets will lead to panics later-on in the stack.
> 
> This was observed with TPROXY assigning a tw socket and broken
> policy routing (misconfigured). As a result frame enters
> forwarding path instead of input. We cannot solve this in
> TPROXY as it cannot know that policy routing is broken.
> 
> v2:
> Remove useless comment
> 
> Signed-off-by: Sebastian Poehn <sebastian.poehn@gmail.com>

Applied and queued up for -stable, thanks Sebastian.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

diff --git a/net/ipv4/ip_forward.c b/net/ipv4/ip_forward.c
index 939992c..3674484 100644
--- a/net/ipv4/ip_forward.c
+++ b/net/ipv4/ip_forward.c
@@ -82,6 +82,9 @@  int ip_forward(struct sk_buff *skb)
 	if (skb->pkt_type != PACKET_HOST)
 		goto drop;
 
+	if (unlikely(skb->sk))
+		goto drop;
+
 	if (skb_warn_if_lro(skb))
 		goto drop;

[v2] ip_forward: Drop frames with attached skb->sk

Commit Message

Comments

Patch