提交 6d55cb91 编写于 作者: T Timo Teräs 提交者: David S. Miller

gre: fix hard header destination address checking

ipgre_header() can be called with zero daddr when the gre device is
configured as multipoint tunnel and still has the NOARP flag set (which is
typically cleared by the userspace arp daemon).  If the NOARP packets are
not dropped, ipgre_tunnel_xmit() will take rt->rt_gateway (= NBMA IP) and
use that for route look up (and may lead to bogus xfrm acquires).

The multicast address check is removed as sending to multicast group should
be ok.  In fact, if gre device has a multicast address as destination
ipgre_header is always called with multicast address.
Signed-off-by: NTimo Teras <timo.teras@iki.fi>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>
上级 c839d30a
...@@ -1144,12 +1144,9 @@ static int ipgre_header(struct sk_buff *skb, struct net_device *dev, ...@@ -1144,12 +1144,9 @@ static int ipgre_header(struct sk_buff *skb, struct net_device *dev,
if (saddr) if (saddr)
memcpy(&iph->saddr, saddr, 4); memcpy(&iph->saddr, saddr, 4);
if (daddr)
if (daddr) {
memcpy(&iph->daddr, daddr, 4); memcpy(&iph->daddr, daddr, 4);
return t->hlen; if (iph->daddr)
}
if (iph->daddr && !ipv4_is_multicast(iph->daddr))
return t->hlen; return t->hlen;
return -t->hlen; return -t->hlen;
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册