ip6_tunnel: disable dst caching if tunnel is dual-stack

Message ID 20171225024349.4879-1-elicooper@gmx.com
State Accepted
Delegated to: David Miller
Headers show
Series
  • ip6_tunnel: disable dst caching if tunnel is dual-stack
Related show

Commit Message

Eli Cooper Dec. 25, 2017, 2:43 a.m.
When an ip6_tunnel is in mode 'any', where the transport layer
protocol can be either 4 or 41, dst_cache must be disabled.

This is because xfrm policies might apply to only one of the two
protocols. Caching dst would cause xfrm policies for one protocol
incorrectly used for the other.

Cc: stable@vger.kernel.org
Signed-off-by: Eli Cooper <elicooper@gmx.com>
---
 net/ipv6/ip6_tunnel.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

Comments

David Miller Jan. 2, 2018, 5:33 p.m. | #1
From: Eli Cooper <elicooper@gmx.com>
Date: Mon, 25 Dec 2017 10:43:49 +0800

> When an ip6_tunnel is in mode 'any', where the transport layer
> protocol can be either 4 or 41, dst_cache must be disabled.
> 
> This is because xfrm policies might apply to only one of the two
> protocols. Caching dst would cause xfrm policies for one protocol
> incorrectly used for the other.
> 
> Cc: stable@vger.kernel.org
> Signed-off-by: Eli Cooper <elicooper@gmx.com>

Please do not CC: stable on networking changes, as per the netdev
FAQ I queue these up by hand.

> -	} else if (!(t->parms.flags &
> +	} else if (t->parms.proto != 0 && !(t->parms.flags &
>  		     (IP6_TNL_F_USE_ORIG_TCLASS | IP6_TNL_F_USE_ORIG_FWMARK))) {

When you adjust the indentation of an inner-expression, you must reindent the
subsequent lines that are also part of that inner-expression.

I've fixed up both of these issues and applied your patch, but please
take care of this yourself next time.

Thanks.

Patch

diff --git a/net/ipv6/ip6_tunnel.c b/net/ipv6/ip6_tunnel.c
index 931c38f6ff4a..8aea23d15ddd 100644
--- a/net/ipv6/ip6_tunnel.c
+++ b/net/ipv6/ip6_tunnel.c
@@ -1074,10 +1074,10 @@  int ip6_tnl_xmit(struct sk_buff *skb, struct net_device *dev, __u8 dsfield,
 			memcpy(&fl6->daddr, addr6, sizeof(fl6->daddr));
 			neigh_release(neigh);
 		}
-	} else if (!(t->parms.flags &
+	} else if (t->parms.proto != 0 && !(t->parms.flags &
 		     (IP6_TNL_F_USE_ORIG_TCLASS | IP6_TNL_F_USE_ORIG_FWMARK))) {
-		/* enable the cache only only if the routing decision does
-		 * not depend on the current inner header value
+		/* enable the cache only if neither the outer protocol nor the
+		 * routing decision depends on the current inner header value
 		 */
 		use_cache = true;
 	}