From patchwork Sat Nov 11 11:58:50 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Xin Long X-Patchwork-Id: 837027 X-Patchwork-Delegate: davem@davemloft.net Return-Path: X-Original-To: patchwork-incoming@ozlabs.org Delivered-To: patchwork-incoming@ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netdev-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="ZHUoqpNz"; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 3yYwRd1pb8z9t3Z for ; Sat, 11 Nov 2017 22:59:08 +1100 (AEDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752520AbdKKL7B (ORCPT ); Sat, 11 Nov 2017 06:59:01 -0500 Received: from mail-pf0-f195.google.com ([209.85.192.195]:56643 "EHLO mail-pf0-f195.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752166AbdKKL67 (ORCPT ); Sat, 11 Nov 2017 06:58:59 -0500 Received: by mail-pf0-f195.google.com with SMTP id q4so438353pfg.13 for ; Sat, 11 Nov 2017 03:58:59 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id; bh=MA/RSzqWrVkNjbt2oacx4nwwm55KJCAF9lU3BZmNyl0=; b=ZHUoqpNzD+adXxscf0nCB5mQvE2E5CJq4z2z45A3ugbGJG49sRmCuN+1eosByL6clX pYvCbW2Ha9WtHwjlkUmzL49fbGrtw7U0nx8dEOvpNGPDZ9s5EYyIu1dJtSEX3JfkjFcR RF7ktILFOcE9gHnTPrFu4qmDt1OQOUKFGMmFIe4Ltybq9A02pE0IdLXqf2YjOk4nsJqi 26T7KpXhY+d525sv2C4YHWeDBtFsv0n6qASeHqb6EJ6BwWs1m/kAnhn5pBmiDd52wRwl gWDyqoMWUN3ad76a6tbesBpXHfhoCjW2MNuNrQ+995in8mCtSqQ7XeaYhtvPJxbPco6h ka6Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id; bh=MA/RSzqWrVkNjbt2oacx4nwwm55KJCAF9lU3BZmNyl0=; b=N60qs4Vm6MfViL9cebBGJO+8rGTQAyMuw3CWPpxpSur71ttL9pyEItsrQ6Ejc+yWQ8 RcDab9pp6/YXWYHyr7/+PhC4Q1E7qXO6/KNwnsgzHD+iUnjSy5qVZGgXwR6eEsDwLK9B lVTXlCiUvVCuUqzmEe3nyrXBVv0YUjXtEmioqcRJ893qB9qLOHL+js6ZTxtqzYdFg9cf M2Mv5GGXZnOcKXyPuaPjGmTAh1/byG6geuK45NH6nWUJetco/2tudXuteqnWxxpoAWTQ eL3YohpyCPHV25SrovKQYKk8w7YJ1g9VGnBmh0tXUrdYjH+NVUKt4gCmerWx/EsvuNG0 TxbQ== X-Gm-Message-State: AJaThX4oD8RT+v+owOCDU5QzRaOpKhYKxB/7Bpv09mD0T34lhiFQYzFy 781suDAVvPPMW3hx3U0Okpi246n3 X-Google-Smtp-Source: AGs4zMb+o3kPcwj7LTNkGUcZstvEZMaDIiZoEDKU+8+Fgd05zKAz/giuEYWGVtBJkHPyu8R9xhRVMA== X-Received: by 10.98.36.12 with SMTP id r12mr3665071pfj.11.1510401538840; Sat, 11 Nov 2017 03:58:58 -0800 (PST) Received: from localhost ([209.132.188.80]) by smtp.gmail.com with ESMTPSA id h3sm11081215pfk.55.2017.11.11.03.58.57 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sat, 11 Nov 2017 03:58:58 -0800 (PST) From: Xin Long To: network dev Cc: davem@davemloft.net, Cong Wang , Vincent Bernat Subject: [PATCH net] vxlan: fix the issue that neigh proxy blocks all icmpv6 packets Date: Sat, 11 Nov 2017 19:58:50 +0800 Message-Id: <4044ad2be78d1905117fba5e464ce67b22f48633.1510401530.git.lucien.xin@gmail.com> X-Mailer: git-send-email 2.1.0 Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org Commit f1fb08f6337c ("vxlan: fix ND proxy when skb doesn't have transport header offset") removed icmp6_code and icmp6_type check before calling neigh_reduce when doing neigh proxy. It means all icmpv6 packets would be blocked by this, not only ns packet. In Jianlin's env, even ping6 couldn't work through it. This patch is to bring the icmp6_code and icmp6_type check back and also removed the same check from neigh_reduce(). Fixes: f1fb08f6337c ("vxlan: fix ND proxy when skb doesn't have transport header offset") Reported-by: Jianlin Shi Signed-off-by: Xin Long Reviewed-by: Vincent Bernat --- drivers/net/vxlan.c | 31 +++++++++++++------------------ 1 file changed, 13 insertions(+), 18 deletions(-) diff --git a/drivers/net/vxlan.c b/drivers/net/vxlan.c index d7c49cf..a2f4e52 100644 --- a/drivers/net/vxlan.c +++ b/drivers/net/vxlan.c @@ -1623,26 +1623,19 @@ static struct sk_buff *vxlan_na_create(struct sk_buff *request, static int neigh_reduce(struct net_device *dev, struct sk_buff *skb, __be32 vni) { struct vxlan_dev *vxlan = netdev_priv(dev); - struct nd_msg *msg; - const struct ipv6hdr *iphdr; const struct in6_addr *daddr; - struct neighbour *n; + const struct ipv6hdr *iphdr; struct inet6_dev *in6_dev; + struct neighbour *n; + struct nd_msg *msg; in6_dev = __in6_dev_get(dev); if (!in6_dev) goto out; - if (!pskb_may_pull(skb, sizeof(struct ipv6hdr) + sizeof(struct nd_msg))) - goto out; - iphdr = ipv6_hdr(skb); daddr = &iphdr->daddr; - msg = (struct nd_msg *)(iphdr + 1); - if (msg->icmph.icmp6_code != 0 || - msg->icmph.icmp6_type != NDISC_NEIGHBOUR_SOLICITATION) - goto out; if (ipv6_addr_loopback(daddr) || ipv6_addr_is_multicast(&msg->target)) @@ -2240,11 +2233,11 @@ static void vxlan_xmit_one(struct sk_buff *skb, struct net_device *dev, static netdev_tx_t vxlan_xmit(struct sk_buff *skb, struct net_device *dev) { struct vxlan_dev *vxlan = netdev_priv(dev); + struct vxlan_rdst *rdst, *fdst = NULL; const struct ip_tunnel_info *info; - struct ethhdr *eth; bool did_rsc = false; - struct vxlan_rdst *rdst, *fdst = NULL; struct vxlan_fdb *f; + struct ethhdr *eth; __be32 vni = 0; info = skb_tunnel_info(skb); @@ -2269,12 +2262,14 @@ static netdev_tx_t vxlan_xmit(struct sk_buff *skb, struct net_device *dev) if (ntohs(eth->h_proto) == ETH_P_ARP) return arp_reduce(dev, skb, vni); #if IS_ENABLED(CONFIG_IPV6) - else if (ntohs(eth->h_proto) == ETH_P_IPV6) { - struct ipv6hdr *hdr, _hdr; - if ((hdr = skb_header_pointer(skb, - skb_network_offset(skb), - sizeof(_hdr), &_hdr)) && - hdr->nexthdr == IPPROTO_ICMPV6) + else if (ntohs(eth->h_proto) == ETH_P_IPV6 && + pskb_may_pull(skb, sizeof(struct ipv6hdr) + + sizeof(struct nd_msg)) && + ipv6_hdr(skb)->nexthdr == IPPROTO_ICMPV6) { + struct nd_msg *m = (struct nd_msg *)(ipv6_hdr(skb) + 1); + + if (m->icmph.icmp6_code == 0 && + m->icmph.icmp6_type == NDISC_NEIGHBOUR_SOLICITATION) return neigh_reduce(dev, skb, vni); } #endif