    ip_tunnel: fix ip_tunnel_lookup · e0056593
    Dmitry Popov committed
    This patch fixes 3 similar bugs where incoming packets might be routed into
    wrong non-wildcard tunnels:
    
    1) Consider the following setup:
        ip address add 1.1.1.1/24 dev eth0
        ip address add 1.1.1.2/24 dev eth0
        ip tunnel add ipip1 remote 2.2.2.2 local 1.1.1.1 mode ipip dev eth0
        ip link set ipip1 up
    
    Incoming ipip packets from 2.2.2.2 were routed into ipip1 even if they had dst =
    1.1.1.2. Moreover, even if there was a wildcard tunnel like
       ip tunnel add ipip0 remote 2.2.2.2 local any mode ipip dev eth0
    but it was created before the explicit one (with local 1.1.1.1), incoming ipip
    packets with src = 2.2.2.2 and dst = 1.1.1.2 were still routed into ipip1.
    
    The same issue existed with all tunnels that use ip_tunnel_lookup (gre, vti).
    
    2)  ip address add 1.1.1.1/24 dev eth0
        ip tunnel add ipip1 remote 2.2.146.85 local 1.1.1.1 mode ipip dev eth0
        ip link set ipip1 up
    
    Incoming ipip packets with dst = 1.1.1.1 were routed into ipip1, no matter what
    the src address was. Any remote ip address which has ip_tunnel_hash = 0 raised this
    issue; 2.2.146.85 is just an example, there are more than 4 million of them.
    And again, a wildcard tunnel like
       ip tunnel add ipip0 remote any local 1.1.1.1 mode ipip dev eth0
    wouldn't ever be matched if it was created before an explicit tunnel like the one above.
    
    Gre & vti tunnels had the same issue.
    
    3)  ip address add 1.1.1.1/24 dev eth0
        ip tunnel add gre1 remote 2.2.146.84 local 1.1.1.1 key 1 mode gre dev eth0
        ip link set gre1 up
    
    Any incoming gre packet with key = 1 was routed into gre1, no matter what the
    src/dst addresses were. Any remote ip address which has ip_tunnel_hash = 0 raised
    the issue; 2.2.146.84 is just an example, there are more than 4 million of them.
    A wildcard tunnel like
       ip tunnel add gre2 remote any local any key 1 mode gre dev eth0
    wouldn't ever be matched if it was created before an explicit tunnel like the one above.
    
    All this happened because, while looking for a wildcard tunnel, we didn't
    check that the matched tunnel is a wildcard one. Fixed.
    Signed-off-by: Dmitry Popov <ixaphire@qrator.net>
    Signed-off-by: David S. Miller <davem@davemloft.net>
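The mismatch described in the commit, as an added illustration that is not the kernel's code: a simplified model of one ip_tunnel_lookup hash bucket (the ip_tunnel_hash = 0 case, where explicit and wildcard tunnels share a bucket), with the four matching passes and a `fixed` switch for the missing wildcard check. Keys are left out, and the tunnel list is in lookup order, newest first, since the kernel adds tunnels at the list head.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdbool.h>

#define IP(a, b, c, d) ((uint32_t)(a) << 24 | (b) << 16 | (c) << 8 | (d))
#define ANY 0u   /* "local any" / "remote any" in ip tunnel add */

/* Simplified model of one ip_tunnel_lookup bucket; not the kernel's code.
   Lookup order is newest tunnel first, as with hlist_add_head. Keys are
   omitted, so only the remote/local passes are modelled. */
struct tunnel { const char *name; uint32_t remote, local; bool up; };

/* Returns the tunnel that would receive a packet with outer src/dst.
   With fixed == false the wildcard passes accept any tunnel whose fixed
   side matches, which is the bug the commit describes. */
static const struct tunnel *
lookup(const struct tunnel *t, size_t n, uint32_t src, uint32_t dst, bool fixed)
{
    size_t i;
    for (i = 0; i < n; i++)                    /* pass 1: exact remote + local */
        if (t[i].up && t[i].remote == src && t[i].local == dst) return &t[i];
    for (i = 0; i < n; i++) {                  /* pass 2: remote set, local any */
        if (!t[i].up || t[i].remote != src) continue;
        if (fixed && t[i].local != ANY) continue;    /* check missing before the fix */
        return &t[i];
    }
    for (i = 0; i < n; i++) {                  /* pass 3: local set, remote any */
        if (!t[i].up || t[i].local != dst) continue;
        if (fixed && t[i].remote != ANY) continue;   /* check missing before the fix */
        return &t[i];
    }
    for (i = 0; i < n; i++) {                  /* pass 4: remote any, local any */
        if (!t[i].up) continue;
        if (fixed && (t[i].remote != ANY || t[i].local != ANY)) continue;
        return &t[i];
    }
    return NULL;
}

/* Setup 1 from the commit: ipip0 (local any) created before ipip1 (local 1.1.1.1). */
static const struct tunnel setup1[] = {
    { "ipip1", IP(2,2,2,2), IP(1,1,1,1), true },
    { "ipip0", IP(2,2,2,2), ANY,         true },
};
/* Setup 2 from the commit: ipip0 (remote any) created before ipip1 (remote 2.2.146.85). */
static const struct tunnel setup2[] = {
    { "ipip1", IP(2,2,146,85), IP(1,1,1,1), true },
    { "ipip0", ANY,            IP(1,1,1,1), true },
};
```

Before the fix, src 2.2.2.2 / dst 1.1.1.2 lands in ipip1 in setup 1 and src 9.9.9.9 / dst 1.1.1.1 lands in ipip1 in setup 2; with the check in place both reach the wildcard ipip0, and exact matches still reach ipip1.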
ip_tunnel.c 24.5 KB