From patchwork Mon Apr 1 13:17:32 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Stephen Suryaputra X-Patchwork-Id: 1072772 X-Patchwork-Delegate: davem@davemloft.net Return-Path: X-Original-To: patchwork-incoming-netdev@ozlabs.org Delivered-To: patchwork-incoming-netdev@ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netdev-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="JsyjieUY"; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 44XtDp6NY0z9s9y for ; Tue, 2 Apr 2019 00:17:46 +1100 (AEDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726947AbfDANRp (ORCPT ); Mon, 1 Apr 2019 09:17:45 -0400 Received: from mail-it1-f193.google.com ([209.85.166.193]:52593 "EHLO mail-it1-f193.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726821AbfDANRo (ORCPT ); Mon, 1 Apr 2019 09:17:44 -0400 Received: by mail-it1-f193.google.com with SMTP id g17so14580875ita.2 for ; Mon, 01 Apr 2019 06:17:44 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id; bh=m6bh5J4+y2VSUMJBfluogYvb9AY9tM5Z0qoTvxZvV4g=; b=JsyjieUYVtetiDeig77kHGuuSx6BzBlY4/pZBekUn5cE9b/o1UGHXL9VnLNQSA06vy 09tZh9bJiFIlNfIHWfY6jrNmP8R1m5GwQAMoMrNMfTPpSDxq8P4GwgU75Xsu6el/DW9s lva7SJMgCCATuuuyvwitGsrfaTf7QBMfIT/9NMVl/w5HYxCz+kE9aXNpd8d3PYY33cMI 3yFFeW9CCLgPgj9hLMmGkUNos+4fFHu+skbaJkT/79VkpnNcvPgB7DJ4gsmJGxNFHr1X pDd9EzsjpEWKEJOcIomDPpNsPLNNDs8mrD7nEmjgkrGckpcQbUmI6JhRQ/Nfh6faDxLW USDQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id; bh=m6bh5J4+y2VSUMJBfluogYvb9AY9tM5Z0qoTvxZvV4g=; b=XZtW8Jd0SV4djaDUnvCpPf8U4JTckKPvP2dOmwQcCcekWW2P0ngeG47haC4A/Ldll8 CTLnuvt0YLf0hdrIQbJFms91aOMpDUuhNVNOcvCldUq5LQFezYAfiFhptz5cWYVbcdq9 q2StPL0KE5RwaDoETjhnD0zVNP4vyoHEFbyO7jZbGWInMwjUElK34anpZIHLkRqdn+8i VJO8MyZghJJJ53t7/rciu2MeR8nkTe42U+r1kFjKlUyIWtQaBZao7tVKPNUtxHCO5uej psRuBvdEY4htQWhEpHfbxmpH0u169wWgU9ooKwiOWGtSGFaRHKCSbkLKciknMJvzqtef XoMw== X-Gm-Message-State: APjAAAXRGOrQ/e6AvePYWdLG7/vpWvd5Q0nz5CYlBN9XQk2Lw56LGj80 8zDgqn9qss7kzZ6p7pSaOCH3468= X-Google-Smtp-Source: APXvYqxkTMvbtLBL/JsMiMDTNdp+Nna3ehcYL17/w5JBoJIMCjAdzwAy9HrydnFRVHQPLZHrXlKIRg== X-Received: by 2002:a05:660c:592:: with SMTP id g18mr383248itk.0.1554124663397; Mon, 01 Apr 2019 06:17:43 -0700 (PDT) Received: from ubuntu.extremenetworks.com ([12.38.14.8]) by smtp.gmail.com with ESMTPSA id d195sm5590870itc.21.2019.04.01.06.17.42 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 01 Apr 2019 06:17:42 -0700 (PDT) From: Stephen Suryaputra To: netdev@vger.kernel.org Cc: Stephen Suryaputra Subject: [PATCH net, v3] vrf: check accept_source_route on the original netdevice Date: Mon, 1 Apr 2019 09:17:32 -0400 Message-Id: <20190401131732.22887-1-ssuryaextr@gmail.com> X-Mailer: git-send-email 2.17.1 Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org Configuration check to accept source route IP options should be made on the incoming netdevice when the skb->dev is an l3mdev master. The route lookup for the source route next hop also needs the incoming netdev. v2->v3: - Simplify by passing the original netdevice down the stack (per David Ahern). Signed-off-by: Stephen Suryaputra Reviewed-by: David Ahern --- include/net/ip.h | 2 +- net/ipv4/ip_input.c | 7 +++---- net/ipv4/ip_options.c | 4 ++-- 3 files changed, 6 insertions(+), 7 deletions(-) diff --git a/include/net/ip.h b/include/net/ip.h index be3cad9c2e4c..583526aad1d0 100644 --- a/include/net/ip.h +++ b/include/net/ip.h @@ -677,7 +677,7 @@ int ip_options_get_from_user(struct net *net, struct ip_options_rcu **optp, unsigned char __user *data, int optlen); void ip_options_undo(struct ip_options *opt); void ip_forward_options(struct sk_buff *skb); -int ip_options_rcv_srr(struct sk_buff *skb); +int ip_options_rcv_srr(struct sk_buff *skb, struct net_device *dev); /* * Functions provided by ip_sockglue.c diff --git a/net/ipv4/ip_input.c b/net/ipv4/ip_input.c index ecce2dc78f17..1132d6d1796a 100644 --- a/net/ipv4/ip_input.c +++ b/net/ipv4/ip_input.c @@ -257,11 +257,10 @@ int ip_local_deliver(struct sk_buff *skb) ip_local_deliver_finish); } -static inline bool ip_rcv_options(struct sk_buff *skb) +static inline bool ip_rcv_options(struct sk_buff *skb, struct net_device *dev) { struct ip_options *opt; const struct iphdr *iph; - struct net_device *dev = skb->dev; /* It looks as overkill, because not all IP options require packet mangling. @@ -297,7 +296,7 @@ static inline bool ip_rcv_options(struct sk_buff *skb) } } - if (ip_options_rcv_srr(skb)) + if (ip_options_rcv_srr(skb, dev)) goto drop; } @@ -353,7 +352,7 @@ static int ip_rcv_finish_core(struct net *net, struct sock *sk, } #endif - if (iph->ihl > 5 && ip_rcv_options(skb)) + if (iph->ihl > 5 && ip_rcv_options(skb, dev)) goto drop; rt = skb_rtable(skb); diff --git a/net/ipv4/ip_options.c b/net/ipv4/ip_options.c index 32a35043c9f5..3db31bb9df50 100644 --- a/net/ipv4/ip_options.c +++ b/net/ipv4/ip_options.c @@ -612,7 +612,7 @@ void ip_forward_options(struct sk_buff *skb) } } -int ip_options_rcv_srr(struct sk_buff *skb) +int ip_options_rcv_srr(struct sk_buff *skb, struct net_device *dev) { struct ip_options *opt = &(IPCB(skb)->opt); int srrspace, srrptr; @@ -647,7 +647,7 @@ int ip_options_rcv_srr(struct sk_buff *skb) orefdst = skb->_skb_refdst; skb_dst_set(skb, NULL); - err = ip_route_input(skb, nexthop, iph->saddr, iph->tos, skb->dev); + err = ip_route_input(skb, nexthop, iph->saddr, iph->tos, dev); rt2 = skb_rtable(skb); if (err || (rt2->rt_type != RTN_UNICAST && rt2->rt_type != RTN_LOCAL)) { skb_dst_drop(skb);