From patchwork Fri Aug 23 13:20:17 2019
X-Patchwork-Submitter: Vishal Deep Ajmera
X-Patchwork-Id: 1152178
From: Vishal Deep Ajmera
Date: Fri, 23 Aug 2019 18:50:17 +0530
Message-ID: <1566566417-17473-1-git-send-email-vishal.deep.ajmera@ericsson.com>
Subject: [ovs-dev] [PATCH] conntrack: Correct length check for tcp packet inside ICMP data.

An ICMP packet with type destination or host not reachable also carries 28 bytes of ICMP data field. This data field contains the IP header and TCP header (partial, first 8 bytes) of the original packet for which the ICMP is being generated. The conntrack module, when processing these ICMP packets, checks for the TCP header length (20 bytes). Since the TCP header is partial, the length check fails and the packet is erroneously dropped.

This patch fixes the length check for the TCP header when processing ICMP data fields.

Signed-off-by: Vishal Deep Ajmera

--- lib/conntrack.c | 14 +++++++++++--- lib/packets.h | 1 + 2 files changed, 12 insertions(+), 3 deletions(-) diff --git a/lib/conntrack.c b/lib/conntrack.c index 5f60fea..0618fdd 100644 --- a/lib/conntrack.c +++ b/lib/conntrack.c
@@ -1513,10 +1513,18 @@ check_l4_icmp6(const struct conn_key *key, const void *data, size_t size, return validate_checksum ? checksum_valid(key, data, size, l3) : true; } +/* If related is NULL, we are parsing nested TCP header inside ICMP packet. + * Only 8 bytes of TCP header is required by RFC to be present in such case. + */ static inline bool -extract_l4_tcp(struct conn_key *key, const void *data, size_t size) +extract_l4_tcp(struct conn_key *key, const void *data, size_t size, + bool *related) { - if (OVS_UNLIKELY(size < TCP_HEADER_LEN)) { + if (!related) { + if (size < ICMP_L4_DATA_LEN) { + return false; + } + } else if (size < TCP_HEADER_LEN) { return false; } @@ -1750,7 +1758,7 @@ extract_l4(struct conn_key *key, const void *data, size_t size, bool *related, { if (key->nw_proto == IPPROTO_TCP) { return (!related || check_l4_tcp(key, data, size, l3, - validate_checksum)) && extract_l4_tcp(key, data, size); + validate_checksum)) && extract_l4_tcp(key, data, size, related); } else if (key->nw_proto == IPPROTO_UDP) { return (!related || check_l4_udp(key, data, size, l3, validate_checksum)) && extract_l4_udp(key, data, size); diff --git a/lib/packets.h b/lib/packets.h index a4bee38..2bc65c9 100644 --- a/lib/packets.h +++ b/lib/packets.h @@ -886,6 +886,7 @@ struct tcp_header { ovs_be16 tcp_urg; }; BUILD_ASSERT_DECL(TCP_HEADER_LEN == sizeof(struct tcp_header)); +#define ICMP_L4_DATA_LEN 8 /* Connection states. *
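
Review bot: In extract_l4_tcp (first hunk of lib/conntrack.c), the nested case (`related` is NULL) now accepts any buffer of at least ICMP_L4_DATA_LEN (8) bytes, but the rest of the function body is outside this hunk, so nothing visible here shows that it reads only fields within the first 8 bytes of struct tcp_header. Please confirm that nothing beyond the ports and sequence number is touched on that path (flags, window and the remaining fields lie past offset 8), or guard those reads explicitly; otherwise a truncated ICMP payload becomes an out-of-bounds read. Two smaller points: the original check was wrapped in OVS_UNLIKELY and the new branches are not, and the new comment could name the RFC it refers to (RFC 792 quotes the IP header plus 64 bits of the original datagram).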
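
Review bot: At the extract_l4_tcp call in extract_l4 (second hunk of lib/conntrack.c), `related` is passed only so the callee can test it for NULL; the same `!related` test already gates check_l4_tcp on the line above, so the "nested inside ICMP" condition is now encoded twice through a pointer the callee never dereferences in the visible code. Passing an explicit flag or the minimum length (for example a `bool nested` computed once as `!related`) would make the contract readable at the call site and keep the length rule from depending on how the caller signals relatedness. The UDP branch just below is unchanged, which is fine for length purposes since a UDP header is 8 bytes, but a short comment saying so would help the next reader.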
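
Review bot: In lib/packets.h, `#define ICMP_L4_DATA_LEN 8` is added directly under the BUILD_ASSERT_DECL for struct tcp_header with no blank line and no comment, so it reads as a TCP constant. Suggest separating it from the TCP block (or placing it beside any ICMP definitions in this header) and documenting it as the minimum number of bytes of the original datagram's L4 header that an ICMP error carries.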