From patchwork Sun Mar 17 23:37:57 2019
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Bram Yvakh
X-Patchwork-Id: 1057624
X-Patchwork-Delegate: davem@davemloft.net
From: Bram Yvahk To: steffen.klassert@secunet.com, herbert@gondor.apana.org.au, davem@davemloft.net Cc: netdev@vger.kernel.org Subject: [PATCH ipsec/vti 2/2] vti6: process icmp msg when IPv6 is fragmented Date: Sun, 17 Mar 2019 23:37:57 +0000 Message-Id: <1552865877-13401-3-git-send-email-bram-yvahk@mail.wizbit.be> X-Mailer: git-send-email 1.8.4 In-Reply-To: <1552865877-13401-1-git-send-email-bram-yvahk@mail.wizbit.be> References: <1552865877-13401-1-git-send-email-bram-yvahk@mail.wizbit.be> Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org In the error function the 'nexthdr' of the (original) IPv6 header was used to check for which protocol it was. When the (original) IPv6 packet is fragmented however then nexthdr is set to 'NEXTHDR_FRAGMENT' and this causes the code to return early and not process the ICMP error. Signed-off-by: Bram Yvahk --- net/ipv6/ip6_vti.c | 27 ++++++++++++++++++++++----- 1 file changed, 22 insertions(+), 5 deletions(-) diff --git a/net/ipv6/ip6_vti.c b/net/ipv6/ip6_vti.c index 47f178c..9582ffd 100644 --- a/net/ipv6/ip6_vti.c +++ b/net/ipv6/ip6_vti.c @@ -590,7 +590,7 @@ vti6_tnl_xmit(struct sk_buff *skb, struct net_device *dev) } static int vti6_err(struct sk_buff *skb, struct inet6_skb_parm *opt, - u8 type, u8 code, int offset, __be32 info) + u8 type, u8 code, int offset, __be32 info, int protocol) { __be32 spi; __u32 mark; @@ -601,7 +601,6 @@ static int vti6_err(struct sk_buff *skb, struct inet6_skb_parm *opt, struct ip_comp_hdr *ipch; struct net *net = dev_net(skb->dev); const struct ipv6hdr *iph = (const struct ipv6hdr *)skb->data; - int protocol = iph->nexthdr; t = vti6_tnl_lookup(dev_net(skb->dev), &iph->daddr, &iph->saddr); if (!t) 
@@ -645,6 +644,24 @@ static int vti6_err(struct sk_buff *skb, struct inet6_skb_parm *opt, return 0; } +static int vti6_esp_err(struct sk_buff *skb, struct inet6_skb_parm *opt, + u8 type, u8 code, int offset, __be32 info) +{ + return vti6_err(skb, opt, type, code, offset, info, IPPROTO_ESP); +} + +static int vti6_ah_err(struct sk_buff *skb, struct inet6_skb_parm *opt, + u8 type, u8 code, int offset, __be32 info) +{ + return vti6_err(skb, opt, type, code, offset, info, IPPROTO_AH); +} + +static int vti6_ipcomp_err(struct sk_buff *skb, struct inet6_skb_parm *opt, + u8 type, u8 code, int offset, __be32 info) +{ + return vti6_err(skb, opt, type, code, offset, info, IPPROTO_COMP); +} + static void vti6_link_config(struct ip6_tnl *t, bool keep_mtu) { struct net_device *dev = t->dev; @@ -1189,21 +1206,21 @@ static struct pernet_operations vti6_net_ops = { static struct xfrm6_protocol vti_esp6_protocol __read_mostly = { .handler = vti6_rcv, .cb_handler = vti6_rcv_cb, - .err_handler = vti6_err, + .err_handler = vti6_esp_err, .priority = 100, }; static struct xfrm6_protocol vti_ah6_protocol __read_mostly = { .handler = vti6_rcv, .cb_handler = vti6_rcv_cb, - .err_handler = vti6_err, + .err_handler = vti6_ah_err, .priority = 100, }; static struct xfrm6_protocol vti_ipcomp6_protocol __read_mostly = { .handler = vti6_rcv, .cb_handler = vti6_rcv_cb, - .err_handler = vti6_err, + .err_handler = vti6_ipcomp_err, .priority = 100, };
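Review bot: in the first hunk (@@ -590,7), vti6_err() gains a seventh argument and so no longer has the same parameter list as the three new handlers that are assigned to .err_handler, but nothing at the definition says so. A one-line comment above vti6_err() stating that it is only reached through vti6_esp_err(), vti6_ah_err() and vti6_ipcomp_err(), which supply `protocol`, would keep someone from wiring it back into an xfrm6_protocol later. The new parameter is also declared `int protocol` right after `u8 type, u8 code`; that matches the removed local, but `u8` would be enough for IPPROTO_ESP, IPPROTO_AH and IPPROTO_COMP if you prefer the types to line up.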
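Review bot: in the second hunk (@@ -601,7), dropping `int protocol = iph->nexthdr;` removes the only place where the embedded IPv6 header was consulted for the protocol, so vti6_err() now relies entirely on the caller for `protocol` and on `offset` for where the ESP/AH/IPcomp header starts. The changelog explains the NEXTHDR_FRAGMENT case but not what `offset` points to in that case; please state, in the changelog or in a comment next to the `iph` declaration, that `offset` is expected to already be past the fragment header when the original packet was fragmented, since `spi` and `ipch` are still declared here and presumably read from that position.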
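Review bot: in the third hunk (@@ -645,6), vti6_esp_err(), vti6_ah_err() and vti6_ipcomp_err() are three identical bodies that differ only in the constant passed as the last argument, and there is no comment saying why the protocol is fixed per handler. A short comment above the first wrapper, along the lines of "iph->nexthdr is NEXTHDR_FRAGMENT when the original packet was fragmented, so the protocol is taken from the handler that was invoked", would record the reason from the changelog in the code and make it less likely that a later cleanup folds them back into a single handler that reads nexthdr.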