Message ID | 1467274002-61390-20-git-send-email-pshelar@ovn.org |
---|---|
State | Superseded |
Headers | show |
On Thu, Jun 30, 2016 at 1:06 AM, Pravin B Shelar <pshelar@ovn.org> wrote: > Upstream commit: > commit e5aed006be918af163eb397e45aa5ea6cefd5e01 > Author: Hannes Frederic Sowa <hannes@stressinduktion.org> > > udp: prevent skbs lingering in tunnel socket queues > > In case we find a socket with encapsulation enabled we should call > the encap_recv function even if just a udp header without payload is > available. The callbacks are responsible for correctly verifying and > dropping the packets. > > Also, in case the header validation fails for geneve and vxlan we > shouldn't put the skb back into the socket queue, no one will pick > them up there. Instead we can simply discard them in the respective > encap_recv functions. > > Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org> > Signed-off-by: David S. Miller <davem@davemloft.net> > > Signed-off-by: Pravin B Shelar <pshelar@ovn.org> Acked-by: Jesse Gross <jesse@kernel.org>
diff --git a/datapath/linux/compat/geneve.c b/datapath/linux/compat/geneve.c index cc8740b..9d582f0 100644 --- a/datapath/linux/compat/geneve.c +++ b/datapath/linux/compat/geneve.c @@ -337,15 +337,15 @@ static int geneve_udp_encap_recv(struct sock *sk, struct sk_buff *skb) /* Need Geneve and inner Ethernet header to be present */ if (unlikely(!pskb_may_pull(skb, GENEVE_BASE_HLEN))) - goto error; + goto drop; /* Return packets with reserved bits set */ geneveh = geneve_hdr(skb); if (unlikely(geneveh->ver != GENEVE_VER)) - goto error; + goto drop; if (unlikely(geneveh->proto_type != htons(ETH_P_TEB))) - goto error; + goto drop; gs = rcu_dereference_sk_user_data(sk); if (!gs) @@ -368,10 +368,6 @@ drop: /* Consume bad packet */ kfree_skb(skb); return 0; - -error: - /* Let the UDP layer deal with the skb */ - return 1; } static struct socket *geneve_create_sock(struct net *net, bool ipv6, diff --git a/datapath/linux/compat/vxlan.c b/datapath/linux/compat/vxlan.c index d78d233..4303475 100644 --- a/datapath/linux/compat/vxlan.c +++ b/datapath/linux/compat/vxlan.c @@ -664,7 +664,7 @@ static int vxlan_rcv(struct sock *sk, struct sk_buff *skb) /* Need UDP and VXLAN header to be present */ if (!pskb_may_pull(skb, VXLAN_HLEN)) - return 1; + goto drop; unparsed = *vxlan_hdr(skb); /* VNI flag always required to be set */ @@ -673,7 +673,7 @@ static int vxlan_rcv(struct sock *sk, struct sk_buff *skb) ntohl(vxlan_hdr(skb)->vx_flags), ntohl(vxlan_hdr(skb)->vx_vni)); /* Return non vxlan pkt */ - return 1; + goto drop; } unparsed.vx_flags &= ~VXLAN_HF_VNI; unparsed.vx_vni &= ~VXLAN_VNI_MASK;