
[net] ipv6: fix tunnel error handling

Message ID 20151103075107.9B08EA0CD2@unicorn.suse.cz
State Accepted, archived
Delegated to: David Miller

Commit Message

Michal Kubecek Nov. 3, 2015, 7:51 a.m. UTC
Both tunnel6_protocol and tunnel46_protocol share the same error
handler, tunnel6_err(), which traverses through tunnel6_handlers list.
For ipip6 tunnels, we need to traverse tunnel46_handlers as we do e.g.
in tunnel46_rcv(). Current code can generate an ICMPv6 error message
with an IPv4 packet embedded in it.

Fixes: 73d605d1abbd ("[IPSEC]: changing API of xfrm6_tunnel_register")
Signed-off-by: Michal Kubecek <mkubecek@suse.cz>
---
 net/ipv6/tunnel6.c | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

Comments

David Miller Nov. 3, 2015, 3:52 p.m. UTC | #1
From: Michal Kubecek <mkubecek@suse.cz>
Date: Tue,  3 Nov 2015 08:51:07 +0100 (CET)

> Both tunnel6_protocol and tunnel46_protocol share the same error
> handler, tunnel6_err(), which traverses through tunnel6_handlers list.
> For ipip6 tunnels, we need to traverse tunnel46_handlers as we do e.g.
> in tunnel46_rcv(). Current code can generate an ICMPv6 error message
> with an IPv4 packet embedded in it.
> 
> Fixes: 73d605d1abbd ("[IPSEC]: changing API of xfrm6_tunnel_register")
> Signed-off-by: Michal Kubecek <mkubecek@suse.cz>

Good catch, applied and queued up for -stable.

Patch

diff --git a/net/ipv6/tunnel6.c b/net/ipv6/tunnel6.c
index 3c758007b327..dae25cad05cd 100644
--- a/net/ipv6/tunnel6.c
+++ b/net/ipv6/tunnel6.c
@@ -144,6 +144,16 @@  static void tunnel6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
 			break;
 }
 
+static void tunnel46_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
+			 u8 type, u8 code, int offset, __be32 info)
+{
+	struct xfrm6_tunnel *handler;
+
+	for_each_tunnel_rcu(tunnel46_handlers, handler)
+		if (!handler->err_handler(skb, opt, type, code, offset, info))
+			break;
+}
+
 static const struct inet6_protocol tunnel6_protocol = {
 	.handler	= tunnel6_rcv,
 	.err_handler	= tunnel6_err,
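
Review bot: In the new tunnel46_err(), the loop body calls handler->err_handler(skb, opt, type, code, offset, info) for every entry on tunnel46_handlers without checking that the pointer is set, so a handler registered on that list with no err_handler would be dereferenced as NULL in the ICMPv6 error path. Either skip entries whose err_handler is NULL inside the loop or state in a comment that registration on tunnel46_handlers requires one. Separately, the function differs from tunnel6_err() only in the list it walks, so a shared helper taking the list head would keep the two paths from drifting apart.
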
@@ -152,7 +162,7 @@  static const struct inet6_protocol tunnel6_protocol = {
 
 static const struct inet6_protocol tunnel46_protocol = {
 	.handler	= tunnel46_rcv,
-	.err_handler	= tunnel6_err,
+	.err_handler	= tunnel46_err,
 	.flags          = INET6_PROTO_NOPOLICY|INET6_PROTO_FINAL,
 };
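
Review bot: The changed .err_handler line in tunnel46_protocol carries no comment explaining why it must differ from tunnel6_protocol, and since tunnel6_err and tunnel46_err look nearly identical, a later cleanup could fold them back together and reintroduce the problem described in the commit message (an ICMPv6 error with an IPv4 packet embedded in it). A one-line comment above tunnel46_protocol saying that its error path has to walk tunnel46_handlers, as tunnel46_rcv does, would document that.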