From patchwork Thu Dec  7 23:15:43 2017
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Mahesh Bandewar <mahesh@bandewar.net>
X-Patchwork-Id: 845903
X-Patchwork-Delegate: davem@davemloft.net
Return-Path: <netdev-owner@vger.kernel.org>
X-Original-To: patchwork-incoming@ozlabs.org
Delivered-To: patchwork-incoming@ozlabs.org
Authentication-Results: ozlabs.org;
	spf=none (mailfrom) smtp.mailfrom=vger.kernel.org
	(client-ip=209.132.180.67; helo=vger.kernel.org;
	envelope-from=netdev-owner@vger.kernel.org;
	receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org; dkim=pass (2048-bit key;
	unprotected) header.d=bandewar-net.20150623.gappssmtp.com
	header.i=@bandewar-net.20150623.gappssmtp.com
	header.b="C1sE0rKz"; dkim-atps=neutral
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by ozlabs.org (Postfix) with ESMTP id 3ytBDT4bwdz9rxj
	for <patchwork-incoming@ozlabs.org>;
	Fri,  8 Dec 2017 10:15:53 +1100 (AEDT)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1751746AbdLGXPu (ORCPT <rfc822;patchwork-incoming@ozlabs.org>);
	Thu, 7 Dec 2017 18:15:50 -0500
Received: from mail-it0-f43.google.com ([209.85.214.43]:46588 "EHLO
	mail-it0-f43.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1751010AbdLGXPt (ORCPT
	<rfc822;netdev@vger.kernel.org>); Thu, 7 Dec 2017 18:15:49 -0500
Received: by mail-it0-f43.google.com with SMTP id t1so977615ite.5
	for <netdev@vger.kernel.org>; Thu, 07 Dec 2017 15:15:49 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=bandewar-net.20150623.gappssmtp.com; s=20150623;
	h=from:to:cc:subject:date:message-id;
	bh=I/+aSCeLCsXux8vKl5tXCZkzddR9LWdEgpFW5vU61fE=;
	b=C1sE0rKz8IHSK4UxpkdClJiLddlpE1bvXHAl6ZaMlVHNNWISbA54SMW5SxnBsBBTCc
	PqCu1OUrykHf8RKWRYlrm1pUy7ON3k/yU24oQy/Vj9SX0K9tJ+hxHwpYCdlAJT7LmzAt
	2Rz8hUoxucsc9bmU9qQLNiLwSLMfv19EnJNyjMMKjK0VuEkDMUdb2pdA7JHOzf/oCX2s
	Ow71Bv6rX03u4PYyD8iD0Q9Q1LSXLdDgYAfkDdtrNFECwfLKxegY4yqJw1OXD7HoSnyg
	K6Avvz7AdlqyxX/GzB/3iR149WadVWE9aIgI4j+COTeibu5DTiWYj1g5FM09/NWcLAnE
	+rhg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:from:to:cc:subject:date:message-id;
	bh=I/+aSCeLCsXux8vKl5tXCZkzddR9LWdEgpFW5vU61fE=;
	b=iVjLGqHyF+o3Opu5Bp57xXmx91hi5CrFfpg/ysa4g21M8luT+OzM5Q0OXZf5AiKcq9
	0AtxBLQoIEErASukHQ/psgnk4C7la3hMRHzbi8883rkhftEg2F/zMvLnBrc98lKoAZgj
	0f2lJQ1A4WW68+EbDcgmUI6rltv3uJeEzpDuHxmgDfL+dZqLBcZzb6oT1Tqx3PObQnF9
	x1rLDKXvCi1wp3iiKZjGuCI4Yrxus+dKACKQoICEVF8JlTuwEK/VdMdVIKUr1j2/dU6H
	/JXU/8O1u4nWc3w2w7RMZMmhVIjbse+KddQpfWwCkp0SQ72D/Z6C+UTQM4TBSwBhSNZX
	bgqA==
X-Gm-Message-State: AKGB3mJZmwb2/oKBiLD10fAfLO2lCSA+1HQ3F4hWLKlqlu1kUZIr1vg6
	YAfyu043w+Y283fgSu3w8JlDHA==
X-Google-Smtp-Source: 
 AGs4zMY6cOzxR+xynN+WH/xaLJb5FucSeBDvEtRtvC0SHmjIcNMO2zIDtkaxi7DIuPrZkdfnaO++6A==
X-Received: by 10.36.57.13 with SMTP id l13mr3441068ita.101.1512688548964;
	Thu, 07 Dec 2017 15:15:48 -0800 (PST)
Received: from localhost ([2620:15c:2c4:201:e8a8:164e:71fd:4687])
	by smtp.gmail.com with ESMTPSA id
	202sm147912iti.6.2017.12.07.15.15.47
	(version=TLS1_2 cipher=AES128-SHA bits=128/128);
	Thu, 07 Dec 2017 15:15:48 -0800 (PST)
From: Mahesh Bandewar <mahesh@bandewar.net>
To: David Miller <davem@davemloft.net>, Netdev <netdev@vger.kernel.org>
Cc: Eric Dumazet <edumazet@google.com>,
	Mahesh Bandewar <mahesh@bandewar.net>,
	Amit Sikka <amit.sikka@ericsson.com>,
	Mahesh Bandewar <maheshb@google.com>
Subject: [PATCH next] ipvlan: add L2 check for packets arriving via virtual
	devices
Date: Thu,  7 Dec 2017 15:15:43 -0800
Message-Id: <20171207231543.7637-1-mahesh@bandewar.net>
X-Mailer: git-send-email 2.15.1.424.g9478a66081-goog
Sender: netdev-owner@vger.kernel.org
Precedence: bulk
List-ID: <netdev.vger.kernel.org>
X-Mailing-List: netdev@vger.kernel.org

From: Mahesh Bandewar <maheshb@google.com>

Packets that don't have dest mac as the mac of the master device should
not be entertained by the IPvlan rx-handler. This is mostly true as the
packet path mostly takes care of that, except when the master device is
a virtual device. As demonstrated in the following case -

  ip netns add ns1
  ip link add ve1 type veth peer name ve2
  ip link add link ve2 name iv1 type ipvlan mode l2
  ip link set dev iv1 netns ns1
  ip link set ve1 up
  ip link set ve2 up
  ip -n ns1 link set iv1 up
  ip addr add 192.168.10.1/24 dev ve1
  ip -n ns1 addr 192.168.10.2/24 dev iv1
  ping -c2 192.168.10.2
  <Works!>
  ip neigh show dev ve1
  ip neigh show 192.168.10.2 lladdr <random> dev ve1
  ping -c2 192.168.10.2
  <Still works! Wrong!!>

This patch adds that missing check in the IPvlan rx-handler.

Reported-by: Amit Sikka <amit.sikka@ericsson.com>
Signed-off-by: Mahesh Bandewar <maheshb@google.com>
---
 drivers/net/ipvlan/ipvlan_core.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/drivers/net/ipvlan/ipvlan_core.c b/drivers/net/ipvlan/ipvlan_core.c
index 9774c96ac7bb..0bc7f721b717 100644
--- a/drivers/net/ipvlan/ipvlan_core.c
+++ b/drivers/net/ipvlan/ipvlan_core.c
@@ -322,6 +322,10 @@ static int ipvlan_rcv_frame(struct ipvl_addr *addr, struct sk_buff **pskb,
 		if (dev_forward_skb(ipvlan->dev, skb) == NET_RX_SUCCESS)
 			success = true;
 	} else {
+		if (!ether_addr_equal_64bits(eth_hdr(skb)->h_dest,
+					     ipvlan->phy_dev->dev_addr))
+			skb->pkt_type = PACKET_OTHERHOST;
+
 		ret = RX_HANDLER_ANOTHER;
 		success = true;
 	}