From patchwork Wed Jun 26 11:58:51 2019
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Nikolay Aleksandrov <nikolay@cumulusnetworks.com>
X-Patchwork-Id: 1122710
X-Patchwork-Delegate: davem@davemloft.net
Return-Path: <netdev-owner@vger.kernel.org>
X-Original-To: patchwork-incoming-netdev@ozlabs.org
Delivered-To: patchwork-incoming-netdev@ozlabs.org
Authentication-Results: ozlabs.org;
	spf=none (mailfrom) smtp.mailfrom=vger.kernel.org
	(client-ip=209.132.180.67; helo=vger.kernel.org;
	envelope-from=netdev-owner@vger.kernel.org;
	receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org; dmarc=pass (p=none dis=none)
	header.from=cumulusnetworks.com
Authentication-Results: ozlabs.org; dkim=pass (1024-bit key;
	unprotected) header.d=cumulusnetworks.com
	header.i=@cumulusnetworks.com header.b="D3aPt8/M";
	dkim-atps=neutral
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by ozlabs.org (Postfix) with ESMTP id 45YhSr69KRz9sCJ
	for <patchwork-incoming-netdev@ozlabs.org>;
	Wed, 26 Jun 2019 22:01:16 +1000 (AEST)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1726965AbfFZMBI (ORCPT
	<rfc822;patchwork-incoming-netdev@ozlabs.org>);
	Wed, 26 Jun 2019 08:01:08 -0400
Received: from mail-wm1-f66.google.com ([209.85.128.66]:34761 "EHLO
	mail-wm1-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1726157AbfFZMBF (ORCPT
	<rfc822;netdev@vger.kernel.org>); Wed, 26 Jun 2019 08:01:05 -0400
Received: by mail-wm1-f66.google.com with SMTP id w9so4478278wmd.1
	for <netdev@vger.kernel.org>; Wed, 26 Jun 2019 05:01:04 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=cumulusnetworks.com; s=google;
	h=from:to:cc:subject:date:message-id:in-reply-to:references
	:mime-version:content-transfer-encoding;
	bh=gUAsyBC+YyCn6Chz7Qnk989iaecFlEUtVr7lsQ7ziVw=;
	b=D3aPt8/M7dlnGwHdMMjOJ6+zEV+tnY5tR+8OlimQXLAdCABGG6NqIhgjwSPmpu4cfB
	c5mpBMktTLpHZ6iBtGnT0Y14q1Qw90kVlLQMA0T2NJjKmRBcQ3o1CHDeqzL3uxQ5yAaa
	kT/8BxfrBOULiiy7q662mSSGdevMFFZFzYA5E=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
	:references:mime-version:content-transfer-encoding;
	bh=gUAsyBC+YyCn6Chz7Qnk989iaecFlEUtVr7lsQ7ziVw=;
	b=QrdSjicfAsqmKc90QJiiNNCpImU/U2plc9es+/vnoFwG1hs9Pii4q7KmA2MYPPpo3U
	NBzIx8TrWvA/1UfqrqB3D04M3NCvUaff0SJuEfyacrbOPmti1r3rrVALyPWqg6+Gcu56
	UzIviROwwel8hTnTd0SPMwygse4a27fsQ9iSjccmiAHhSCqKxB6k1asq+VgBYLBH82N7
	Ol769fNHd+WeykleK+Uo9eahZqQGKVuX+uIyTI24Rv2SmtjCaEGolhfozPDr6DDuc7X4
	0L/Z6QU6+1Ro/c8xkfHrlv3B4OG7KSdmsXsIgJCUiAbP1d16H4AIK70RVPlXHk7WW2UI
	MNxA==
X-Gm-Message-State: APjAAAVEH2E8AvOSfDoTDrLbSZDt/s7LL79Pjrg/kaSiXl7YomAmdxlO
	aKZJaLrasWntaNeL6QCSh9m4rtwWiUI=
X-Google-Smtp-Source: 
 APXvYqy7a1yqcvajdECGqvpDuCSkHeKB4s+Rkvk/oRwrrdOqifTM2m32mhuol+Z7cT+8s4QVdTHZyQ==
X-Received: by 2002:a05:600c:214e:: with SMTP id
	v14mr2612118wml.96.1561550463236;
	Wed, 26 Jun 2019 05:01:03 -0700 (PDT)
Received: from localhost.localdomain ([78.128.78.220])
	by smtp.gmail.com with ESMTPSA id
	f190sm1676818wmg.13.2019.06.26.05.01.02
	(version=TLS1_3 cipher=AEAD-AES256-GCM-SHA384 bits=256/256);
	Wed, 26 Jun 2019 05:01:02 -0700 (PDT)
From: Nikolay Aleksandrov <nikolay@cumulusnetworks.com>
To: netdev@vger.kernel.org
Cc: roopa@cumulusnetworks.com, pablo@netfilter.org,
	xiyou.wangcong@gmail.com, davem@davemloft.net, jiri@resnulli.us,
	jhs@mojatatu.com, eyal.birger@gmail.com,
	Nikolay Aleksandrov <nikolay@cumulusnetworks.com>
Subject: [PATCH net-next 1/5] net: sched: em_ipt: match only on ip/ipv6
	traffic
Date: Wed, 26 Jun 2019 14:58:51 +0300
Message-Id: <20190626115855.13241-2-nikolay@cumulusnetworks.com>
X-Mailer: git-send-email 2.20.1
In-Reply-To: <20190626115855.13241-1-nikolay@cumulusnetworks.com>
References: <20190626115855.13241-1-nikolay@cumulusnetworks.com>
MIME-Version: 1.0
Sender: netdev-owner@vger.kernel.org
Precedence: bulk
List-ID: <netdev.vger.kernel.org>
X-Mailing-List: netdev@vger.kernel.org

Restrict matching only to ip/ipv6 traffic and make sure we can use the
headers, otherwise matches will be attempted on any protocol which can
be unexpected by the xt matches. Currently policy supports only ipv4/6.

Signed-off-by: Nikolay Aleksandrov <nikolay@cumulusnetworks.com>
---
 net/sched/em_ipt.c | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/net/sched/em_ipt.c b/net/sched/em_ipt.c
index 243fd22f2248..64dbafe4e94c 100644
--- a/net/sched/em_ipt.c
+++ b/net/sched/em_ipt.c
@@ -185,6 +185,19 @@ static int em_ipt_match(struct sk_buff *skb, struct tcf_ematch *em,
 	struct nf_hook_state state;
 	int ret;
 
+	switch (tc_skb_protocol(skb)) {
+	case htons(ETH_P_IP):
+		if (!pskb_network_may_pull(skb, sizeof(struct iphdr)))
+			return 0;
+		break;
+	case htons(ETH_P_IPV6):
+		if (!pskb_network_may_pull(skb, sizeof(struct ipv6hdr)))
+			return 0;
+		break;
+	default:
+		return 0;
+	}
+
 	rcu_read_lock();
 
 	if (skb->skb_iif)