diff mbox series

[ovs-dev,4/8] datapath: check tunnel option type in tunnel flags

Message ID 1544036152-27247-5-git-send-email-gvrose8192@gmail.com
State Superseded
Headers show
Series datapath: Pull in upstream fixes and updates | expand

Commit Message

Gregory Rose Dec. 5, 2018, 6:55 p.m. UTC 
From: Pieter Jansen van Vuuren <pieter.jansenvanvuuren@netronome.com>

Upstream commit:
    commit 256c87c17c53e60882a43dcf3e98f3bf859eaf6f
    Author: Pieter Jansen van Vuuren <pieter.jansenvanvuuren@netronome.com>
    Date:   Tue Jun 26 21:39:36 2018 -0700

    net: check tunnel option type in tunnel flags

    Check the tunnel option type stored in tunnel flags when creating options
    for tunnels. Thereby ensuring we do not set geneve, vxlan or erspan tunnel
    options on interfaces that are not associated with them.

    Make sure all users of the infrastructure set correct flags, for the BPF
    helper we have to set all bits to keep backward compatibility.

    Signed-off-by: Pieter Jansen van Vuuren <pieter.jansenvanvuuren@netronome.com>
    Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>

CC: Pieter Jansen van Vuuren <pieter.jansenvanvuuren@netronome.com>
Signed-off-by: Greg Rose <gvrose8192@gmail.com>
---
 datapath/flow_netlink.c                        | 7 ++++++-
 datapath/linux/compat/geneve.c                 | 3 ++-
 datapath/linux/compat/include/net/ip_tunnels.h | 4 +++-
 datapath/linux/compat/ip_gre.c                 | 2 ++
 datapath/linux/compat/vxlan.c                  | 3 ++-
 5 files changed, 15 insertions(+), 4 deletions(-)

Comments

William Tu Dec. 10, 2018, 5:59 p.m. UTC | #1 
On Wed, Dec 5, 2018 at 10:56 AM Greg Rose <gvrose8192@gmail.com> wrote:
>
> From: Pieter Jansen van Vuuren <pieter.jansenvanvuuren@netronome.com>
>
> Upstream commit:
>     commit 256c87c17c53e60882a43dcf3e98f3bf859eaf6f
>     Author: Pieter Jansen van Vuuren <pieter.jansenvanvuuren@netronome.com>
>     Date:   Tue Jun 26 21:39:36 2018 -0700
>
>     net: check tunnel option type in tunnel flags
>
>     Check the tunnel option type stored in tunnel flags when creating options
>     for tunnels. Thereby ensuring we do not set geneve, vxlan or erspan tunnel
>     options on interfaces that are not associated with them.
>
>     Make sure all users of the infrastructure set correct flags, for the BPF
>     helper we have to set all bits to keep backward compatibility.
>
>     Signed-off-by: Pieter Jansen van Vuuren <pieter.jansenvanvuuren@netronome.com>
>     Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com>
>     Signed-off-by: David S. Miller <davem@davemloft.net>
>
> CC: Pieter Jansen van Vuuren <pieter.jansenvanvuuren@netronome.com>
> Signed-off-by: Greg Rose <gvrose8192@gmail.com>
> ---
LGTM.
Acked-by: William Tu <u9012063@gmail.com>
diff mbox series

Patch

diff --git a/datapath/flow_netlink.c b/datapath/flow_netlink.c
index ee0c184..19341bc 100644
--- a/datapath/flow_netlink.c
+++ b/datapath/flow_netlink.c
@@ -2521,7 +2521,9 @@  static int validate_and_copy_set_tun(const struct nlattr *attr,
 	struct ovs_tunnel_info *ovs_tun;
 	struct nlattr *a;
 	int err = 0, start, opts_type;
+	__be16 dst_opt_type;
 
+	dst_opt_type = 0;
 	ovs_match_init(&match, &key, true, NULL);
 	opts_type = ip_tun_from_nlattr(nla_data(attr), &match, false, log);
 	if (opts_type < 0)
@@ -2533,10 +2535,13 @@  static int validate_and_copy_set_tun(const struct nlattr *attr,
 			err = validate_geneve_opts(&key);
 			if (err < 0)
 				return err;
+			dst_opt_type = TUNNEL_GENEVE_OPT;
 			break;
 		case OVS_TUNNEL_KEY_ATTR_VXLAN_OPTS:
+			dst_opt_type = TUNNEL_VXLAN_OPT;
 			break;
 		case OVS_TUNNEL_KEY_ATTR_ERSPAN_OPTS:
+			dst_opt_type = TUNNEL_ERSPAN_OPT;
 			break;
 		}
 	}
@@ -2578,7 +2583,7 @@  static int validate_and_copy_set_tun(const struct nlattr *attr,
 	 */
 	ip_tunnel_info_opts_set(tun_info,
 				TUN_METADATA_OPTS(&key, key.tun_opts_len),
-				key.tun_opts_len);
+				key.tun_opts_len, dst_opt_type);
 	add_nested_action_end(*sfa, start);
 
 	return err;
diff --git a/datapath/linux/compat/geneve.c b/datapath/linux/compat/geneve.c
index 77632ae..c044b14 100644
--- a/datapath/linux/compat/geneve.c
+++ b/datapath/linux/compat/geneve.c
@@ -252,7 +252,8 @@  static void geneve_rx(struct geneve_dev *geneve, struct geneve_sock *gs,
 			goto drop;
 		/* Update tunnel dst according to Geneve options. */
 		ip_tunnel_info_opts_set(&tun_dst->u.tun_info,
-					gnvh->options, gnvh->opt_len * 4);
+					gnvh->options, gnvh->opt_len * 4,
+					TUNNEL_GENEVE_OPT);
 	} else {
 		/* Drop packets w/ critical options,
 		 * since we don't support any...
diff --git a/datapath/linux/compat/include/net/ip_tunnels.h b/datapath/linux/compat/include/net/ip_tunnels.h
index dd90306..da64a94 100644
--- a/datapath/linux/compat/include/net/ip_tunnels.h
+++ b/datapath/linux/compat/include/net/ip_tunnels.h
@@ -214,10 +214,12 @@  static inline void ip_tunnel_info_opts_get(void *to,
 }
 
 static inline void ip_tunnel_info_opts_set(struct ip_tunnel_info *info,
-					   const void *from, int len)
+					   const void *from, int len,
+					   __be16 flags)
 {
 	memcpy(ip_tunnel_info_opts(info), from, len);
 	info->options_len = len;
+	info->key.tun_flags |= flags;
 }
 
 static inline void ip_tunnel_key_init(struct ip_tunnel_key *key,
diff --git a/datapath/linux/compat/ip_gre.c b/datapath/linux/compat/ip_gre.c
index 0faf8ab..89ef455 100644
--- a/datapath/linux/compat/ip_gre.c
+++ b/datapath/linux/compat/ip_gre.c
@@ -601,6 +601,8 @@  static void erspan_fb_xmit(struct sk_buff *skb, struct net_device *dev,
 		goto err_free_skb;
 
 	key = &tun_info->key;
+	if (!(tun_info->key.tun_flags & TUNNEL_ERSPAN_OPT))
+		goto err_free_rt;
 	md = ip_tunnel_info_opts(tun_info);
 	if (!md)
 		goto err_free_rt;
diff --git a/datapath/linux/compat/vxlan.c b/datapath/linux/compat/vxlan.c
index b38a7be..23118e8 100644
--- a/datapath/linux/compat/vxlan.c
+++ b/datapath/linux/compat/vxlan.c
@@ -1101,7 +1101,8 @@  static void vxlan_xmit_one(struct sk_buff *skb, struct net_device *dev,
 		label = info->key.label;
 		udp_sum = !!(info->key.tun_flags & TUNNEL_CSUM);
 
-		if (info->options_len)
+		if (info->options_len &&
+		    info->key.tun_flags & TUNNEL_VXLAN_OPT)
 			md = ip_tunnel_info_opts(info);
 	} else {
 		md->gbp = skb->mark;