1. 14 Oct, 2020 1 commit
    • ip_gre: set dev->hard_header_len and dev->needed_headroom properly · fdafed45
      Cong Wang committed
      GRE tunnel has its own header_ops, ipgre_header_ops, and sets it
      conditionally. When it is set, it assumes the outer IP header is
      already created before ipgre_xmit().
      
      This is not true when we send packets through a raw packet socket,
      where L2 headers are supposed to be constructed by user. Packet
      socket calls dev_validate_header() to validate the header. But
      GRE tunnel does not set dev->hard_header_len, so that check can
      be simply bypassed, therefore uninit memory could be passed down
      to ipgre_xmit(). Similar for dev->needed_headroom.
      
      dev->hard_header_len is supposed to be the length of the header
      created by dev->header_ops->create(), so it should be used whenever
      header_ops is set, and dev->needed_headroom should be used when it
      is not set.
      
      Reported-and-tested-by: syzbot+4a2c52677a8a1aa283cb@syzkaller.appspotmail.com
      Cc: William Tu <u9012063@gmail.com>
      Acked-by: Willem de Bruijn <willemb@google.com>
      Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
      Acked-by: Xie He <xie.he.0141@gmail.com>
      Signed-off-by: Jakub Kicinski <kuba@kernel.org>
  2. 20 May, 2020 1 commit
    • net: add a new ndo_tunnel_ioctl method · 607259a6
      Christoph Hellwig committed
      This method is used to properly allow kernel callers of the IPv4 route
      management ioctls.  The existing ip_tunnel_ioctl helper is renamed to
      ip_tunnel_ctl to better reflect that it doesn't directly implement ioctls
      touching user memory, and is used for the guts of ndo_tunnel_ctl
      implementations. A new ip_tunnel_ioctl helper is added that can be wired
      up directly to the ndo_do_ioctl method and takes care of the copy to and
      from userspace.
      Signed-off-by: Christoph Hellwig <hch@lst.de>
      Signed-off-by: David S. Miller <davem@davemloft.net>
  3. 13 May, 2020 1 commit
  4. 06 May, 2020 1 commit
    • erspan: Add type I version 0 support. · f989d546
      William Tu committed
      The Type I ERSPAN frame format is based on the barebones
      IP + GRE(4-byte) encapsulation on top of the raw mirrored frame.
      Both type I and II use 0x88BE as protocol type. Unlike type II
      and III, no sequence number or key is required.
      To create a type I erspan tunnel device:
        $ ip link add dev erspan11 type erspan \
                  local 172.16.1.100 remote 172.16.1.200 \
                  erspan_ver 0
      Signed-off-by: William Tu <u9012063@gmail.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
  5. 17 Mar, 2020 1 commit
  6. 15 Mar, 2020 1 commit
    • net: ip_gre: Separate ERSPAN newlink / changelink callbacks · e1f8f78f
      Petr Machata committed
      ERSPAN shares most of the code path with GRE and gretap code. While that
      helps keep the code compact, it is also error prone. Currently a broken
      userspace can turn a gretap tunnel into a de facto ERSPAN one by passing
      IFLA_GRE_ERSPAN_VER. There has been a similar issue in ip6gretap in the
      past.
      
      To prevent these problems in future, split the newlink and changelink code
      paths. Split the ERSPAN code out of ipgre_netlink_parms() into a new
      function erspan_netlink_parms(). Extract a piece of common logic from
      ipgre_newlink() and ipgre_changelink() into ipgre_newlink_encap_setup().
      Add erspan_newlink() and erspan_changelink().
      
      Fixes: 84e54fe0 ("gre: introduce native tunnel support for ERSPAN")
      Signed-off-by: Petr Machata <petrm@mellanox.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
  7. 10 Dec, 2019 1 commit
  8. 21 Nov, 2019 1 commit
    • ip_gre: Make none-tun-dst gre tunnel store tunnel info as metadat_dst in recv · c0d59da7
      wenxu committed
      Currently collect_md gre tunnel will store the tunnel info(metadata_dst)
      to skb_dst.
      And now the non-tun-dst gre tunnel already can add tunnel header through
      lwtunnel.
      
      When an arp_request is received on the non-tun-dst gre tunnel, the packet
      of arp response will be sent through the non-tun-dst tunnel without tunnel
      info, which will lead the arp response packet to be dropped.
      
      If the non-tun-dst gre tunnel also stores the tunnel info as metadata_dst,
      the arp response packet will set the related tunnel info in the
      iptunnel_metadata_reply.
      
      The following is the test script:
      
      ip netns add cl
      ip l add dev vethc type veth peer name eth0 netns cl
      
      ifconfig vethc 172.168.0.7/24 up
      ip l add dev tun1000 type gretap key 1000
      
      ip link add user1000 type vrf table 1
      ip l set user1000 up
      ip l set dev tun1000 master user1000
      ifconfig tun1000 10.0.1.1/24 up
      
      ip netns exec cl ifconfig eth0 172.168.0.17/24 up
      ip netns exec cl ip l add dev tun type gretap local 172.168.0.17 remote 172.168.0.7 key 1000
      ip netns exec cl ifconfig tun 10.0.1.7/24 up
      ip r r 10.0.1.7 encap ip id 1000 dst 172.168.0.17 key dev tun1000 table 1
      
      With this patch
      ip netns exec cl ping 10.0.1.1 can succeed
      Signed-off-by: wenxu <wenxu@ucloud.cn>
      Signed-off-by: David S. Miller <davem@davemloft.net>
  9. 30 Oct, 2019 1 commit
  10. 01 Oct, 2019 1 commit
    • erspan: remove the incorrect mtu limit for erspan · 0e141f75
      Haishuang Yan committed
      erspan driver calls ether_setup(), after commit 61e84623
      ("net: centralize net_device min/max MTU checking"), the range
      of mtu is [min_mtu, max_mtu], which is [68, 1500] by default.
      
      It causes the dev mtu of the erspan device to not be greater
      than 1500, this limit value is not correct for ipgre tap device.
      
      Tested:
      Before patch:
      # ip link set erspan0 mtu 1600
      Error: mtu greater than device maximum.
      After patch:
      # ip link set erspan0 mtu 1600
      # ip -d link show erspan0
      21: erspan0@NONE: <BROADCAST,MULTICAST> mtu 1600 qdisc noop state DOWN
      mode DEFAULT group default qlen 1000
          link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff promiscuity 0 minmtu 68 maxmtu 0
      
      Fixes: 61e84623 ("net: centralize net_device min/max MTU checking")
      Signed-off-by: Haishuang Yan <yanhaishuang@cmss.chinamobile.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
  11. 31 May, 2019 1 commit
  12. 09 Apr, 2019 1 commit
  13. 28 Feb, 2019 1 commit
  14. 22 Feb, 2019 1 commit
    • net: ip_gre: do not report erspan_ver for gre or gretap · 2bdf700e
      Lorenzo Bianconi committed
      Report erspan version field to userspace in ipgre_fill_info just for
      erspan tunnels. The issue can be triggered with the following reproducer:
      
      $ip link add name gre1 type gre local 192.168.0.1 remote 192.168.1.1
      $ip link set dev gre1 up
      $ip -d link sh gre1
      13: gre1@NONE: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1476 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
          link/gre 192.168.0.1 peer 192.168.1.1 promiscuity 0 minmtu 0 maxmtu 0
          gre remote 192.168.1.1 local 192.168.0.1 ttl inherit erspan_ver 0 addrgenmode eui64 numtxqueues 1 numrxqueues 1
      
      Fixes: f551c91d ("net: erspan: introduce erspan v2 for ip_gre")
      Signed-off-by: Lorenzo Bianconi <lorenzo.bianconi@redhat.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
  15. 31 Jan, 2019 1 commit
    • net: ip_gre: always reports o_key to userspace · feaf5c79
      Lorenzo Bianconi committed
      Erspan protocol (version 1 and 2) relies on o_key to configure
      session id header field. However TUNNEL_KEY bit is cleared in
      erspan_xmit since ERSPAN protocol does not set the key field
      of the external GRE header and so the configured o_key is not reported
      to userspace. The issue can be triggered with the following reproducer:
      
      $ip link add erspan1 type erspan local 192.168.0.1 remote 192.168.0.2 \
          key 1 seq erspan_ver 1
      $ip link set erspan1 up
      $ip -d link sh erspan1
      
      erspan1@NONE: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc pfifo_fast state UNKNOWN mode DEFAULT
        link/ether 52:aa:99:95:9a:b5 brd ff:ff:ff:ff:ff:ff promiscuity 0 minmtu 68 maxmtu 1500
        erspan remote 192.168.0.2 local 192.168.0.1 ttl inherit ikey 0.0.0.1 iseq oseq erspan_index 0
      
      Fix the issue adding TUNNEL_KEY bit to the o_flags parameter in
      ipgre_fill_info
      
      Fixes: 84e54fe0 ("gre: introduce native tunnel support for ERSPAN")
      Signed-off-by: Lorenzo Bianconi <lorenzo.bianconi@redhat.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
  16. 27 Jan, 2019 1 commit
  17. 23 Jan, 2019 1 commit
  18. 17 Jan, 2019 1 commit
  19. 02 Jan, 2019 1 commit
    • ip: validate header length on virtual device xmit · cb9f1b78
      Willem de Bruijn committed
      KMSAN detected read beyond end of buffer in vti and sit devices when
      passing truncated packets with PF_PACKET. The issue affects additional
      ip tunnel devices.
      
      Extend commit 76c0ddd8 ("ip6_tunnel: be careful when accessing the
      inner header") and commit ccfec9e5 ("ip_tunnel: be careful when
      accessing the inner header").
      
      Move the check to a separate helper and call at the start of each
      ndo_start_xmit function in net/ipv4 and net/ipv6.
      
      Minor changes:
      - convert dev_kfree_skb to kfree_skb on error path,
        as dev_kfree_skb calls consume_skb which is not for error paths.
      - use pskb_network_may_pull even though that is pedantic here,
        as the same as pskb_may_pull for devices without llheaders.
      - do not cache ipv6 hdrs if used only once
        (unsafe across pskb_may_pull, was more relevant to earlier patch)
      Reported-by: syzbot <syzkaller@googlegroups.com>
      Signed-off-by: Willem de Bruijn <willemb@google.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
  20. 11 Dec, 2018 1 commit
  21. 09 Nov, 2018 1 commit
    • net: Convert protocol error handlers from void to int · 32bbd879
      Stefano Brivio committed
      We'll need this to handle ICMP errors for tunnels without a sending socket
      (i.e. FoU and GUE). There, we might have to look up different types of IP
      tunnels, registered as network protocols, before we get a match, so we
      want this for the error handlers of IPPROTO_IPIP and IPPROTO_IPV6 in both
      inet_protos and inet6_protos. These error codes will be used in the next
      patch.
      
      For consistency, return sensible error codes in protocol error handlers
      whenever handlers can't handle errors because, even if valid, they don't
      match a protocol or any of its states.
      
      This has no effect on existing error handling paths.
      Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
      Reviewed-by: Sabrina Dubroca <sd@queasysnail.net>
      Signed-off-by: David S. Miller <davem@davemloft.net>
  22. 07 Nov, 2018 1 commit
  23. 27 Sep, 2018 2 commits
  24. 17 Sep, 2018 1 commit
  25. 12 Sep, 2018 2 commits
  26. 28 Aug, 2018 1 commit
  27. 02 Aug, 2018 1 commit
  28. 29 Jun, 2018 1 commit
  29. 18 May, 2018 1 commit
  30. 12 May, 2018 1 commit
  31. 30 Apr, 2018 1 commit
    • erspan: auto detect truncated packets. · 1baf5ebf
      William Tu committed
      Currently the truncated bit is set only when the mirrored packet
      is larger than mtu.  For certain cases, the packet might already
      have been truncated before sending to the erspan tunnel.  In this case,
      the patch detects whether the IP header's total length is larger
      than the actual skb->len.  If true, this indicates that the
      mirrored packet is truncated and sets the erspan truncate bit.
      
      I tested the patch using bpf_skb_change_tail helper function to
      shrink the packet size and send to erspan tunnel.
      Reported-by: Xiaoyan Jin <xiaoyanj@vmware.com>
      Signed-off-by: William Tu <u9012063@gmail.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
  32. 10 Apr, 2018 1 commit
  33. 28 Mar, 2018 1 commit
  34. 23 Mar, 2018 1 commit
  35. 05 Mar, 2018 1 commit
  36. 28 Feb, 2018 3 commits