提交 288b01c8 编写于 作者: J Jiri Benc 提交者: David S. Miller

vxlan: clean up rx error path

When there are unrecognized flags present in the vxlan header, it doesn't
make much sense to return the packet for further UDP processing, especially
considering that for other invalid flag combinations we drop the packet
because of previous checks.

This means we return positive value only at the beginning of the function
where tun_dst is not yet allocated. This allows us to get rid of the
bad_flags and error jump labels.

When we're dropping a packet, we now need to free tun_dst.
Signed-off-by: NJiri Benc <jbenc@redhat.com>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>
上级 f14ecebb
...@@ -1288,16 +1288,19 @@ static int vxlan_udp_encap_recv(struct sock *sk, struct sk_buff *skb) ...@@ -1288,16 +1288,19 @@ static int vxlan_udp_encap_recv(struct sock *sk, struct sk_buff *skb)
/* Need Vxlan and inner Ethernet header to be present */ /* Need Vxlan and inner Ethernet header to be present */
if (!pskb_may_pull(skb, VXLAN_HLEN)) if (!pskb_may_pull(skb, VXLAN_HLEN))
goto error; return 1;
unparsed = *vxlan_hdr(skb); unparsed = *vxlan_hdr(skb);
if (unparsed.vx_flags & VXLAN_HF_VNI) { /* VNI flag always required to be set */
unparsed.vx_flags &= ~VXLAN_HF_VNI; if (!(unparsed.vx_flags & VXLAN_HF_VNI)) {
unparsed.vx_vni &= ~VXLAN_VNI_MASK; netdev_dbg(skb->dev, "invalid vxlan flags=%#x vni=%#x\n",
} else { ntohl(vxlan_hdr(skb)->vx_flags),
/* VNI flag always required to be set */ ntohl(vxlan_hdr(skb)->vx_vni));
goto bad_flags; /* Return non vxlan pkt */
return 1;
} }
unparsed.vx_flags &= ~VXLAN_HF_VNI;
unparsed.vx_vni &= ~VXLAN_VNI_MASK;
if (iptunnel_pull_header(skb, VXLAN_HLEN, htons(ETH_P_TEB))) if (iptunnel_pull_header(skb, VXLAN_HLEN, htons(ETH_P_TEB)))
goto drop; goto drop;
...@@ -1337,29 +1340,19 @@ static int vxlan_udp_encap_recv(struct sock *sk, struct sk_buff *skb) ...@@ -1337,29 +1340,19 @@ static int vxlan_udp_encap_recv(struct sock *sk, struct sk_buff *skb)
* is more robust and provides a little more security in * is more robust and provides a little more security in
* adding extensions to VXLAN. * adding extensions to VXLAN.
*/ */
goto drop;
goto bad_flags;
} }
vxlan_rcv(vs, skb, md, vxlan_vni(vxlan_hdr(skb)->vx_vni), tun_dst); vxlan_rcv(vs, skb, md, vxlan_vni(vxlan_hdr(skb)->vx_vni), tun_dst);
return 0; return 0;
drop: drop:
/* Consume bad packet */
kfree_skb(skb);
return 0;
bad_flags:
netdev_dbg(skb->dev, "invalid vxlan flags=%#x vni=%#x\n",
ntohl(vxlan_hdr(skb)->vx_flags),
ntohl(vxlan_hdr(skb)->vx_vni));
error:
if (tun_dst) if (tun_dst)
dst_release((struct dst_entry *)tun_dst); dst_release((struct dst_entry *)tun_dst);
/* Return non vxlan pkt */ /* Consume bad packet */
return 1; kfree_skb(skb);
return 0;
} }
static int arp_reduce(struct net_device *dev, struct sk_buff *skb) static int arp_reduce(struct net_device *dev, struct sk_buff *skb)
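Review bot: The unrecognized-flags branch in the second hunk now ends in `goto drop`, and the `drop:` label frees the skb without the `netdev_dbg` that the removed `bad_flags` label emitted, so a packet rejected for leftover flag or reserved bits leaves no trace. The comment above that branch describes the drop as a deliberate robustness and security choice, so the diagnostic is what lets an operator tell an interop problem or malformed traffic from ordinary loss. Consider keeping `netdev_dbg(skb->dev, "invalid vxlan flags=%#x vni=%#x\n", ntohl(vxlan_hdr(skb)->vx_flags), ntohl(vxlan_hdr(skb)->vx_vni));` immediately before that `goto drop`, and bumping a device rx drop counter if none is incremented elsewhere. Separately, `drop:` is also reached from the `iptunnel_pull_header()` failure, which per the commit message happens before tun_dst is allocated, so the `if (tun_dst)` test relies on tun_dst being NULL-initialised at its declaration. That declaration and the rest of the function body lie outside the hunks shown.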
......