From patchwork Fri Jul 24 21:03:26 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Guillaume Nault X-Patchwork-Id: 1335979 X-Patchwork-Delegate: davem@davemloft.net Return-Path: X-Original-To: patchwork-incoming-netdev@ozlabs.org Delivered-To: patchwork-incoming-netdev@ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=vger.kernel.org (client-ip=23.128.96.18; helo=vger.kernel.org; envelope-from=netdev-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=pass (p=none dis=none) header.from=redhat.com Authentication-Results: ozlabs.org; dkim=pass (1024-bit key; unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=Gntzk7e1; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by ozlabs.org (Postfix) with ESMTP id 4BD1rm24X9z9sR4 for ; Sat, 25 Jul 2020 07:03:36 +1000 (AEST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726658AbgGXVDe (ORCPT ); Fri, 24 Jul 2020 17:03:34 -0400 Received: from us-smtp-2.mimecast.com ([207.211.31.81]:31028 "EHLO us-smtp-delivery-1.mimecast.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1726591AbgGXVDe (ORCPT ); Fri, 24 Jul 2020 17:03:34 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1595624612; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type; bh=mz9JALUb1Eq/OpIWOhI+hSok+N0F8JBO8OI958mC2F0=; b=Gntzk7e1spzw+bzC7Hefs8e/rfxapVx/jPXX+QojDXOTK49EkXtVl2WD8/x2CoUMggXdF6 h1FsLXQ3Olyo5Fiz9/FFJ4Wtf2/w49+BYCl0cS+Sp/MQwkaAHku9X6oEPhwrp7CL+SmkoH XhqabnqhFeacgu6z30nh9vbJFwDbK5s= Received: from mail-wr1-f72.google.com (mail-wr1-f72.google.com [209.85.221.72]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-427-2HXT0kdkPyiY-JuoyuKI5A-1; Fri, 24 Jul 2020 17:03:31 -0400 X-MC-Unique: 2HXT0kdkPyiY-JuoyuKI5A-1 Received: by mail-wr1-f72.google.com with SMTP id h4so2446732wrh.10 for ; Fri, 24 Jul 2020 14:03:30 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:mime-version :content-disposition; bh=mz9JALUb1Eq/OpIWOhI+hSok+N0F8JBO8OI958mC2F0=; b=ZNoiXfwPqbPJj/0XvJV3tyKWrU7PM4ddZ3wySwgc9TkGDf8vLrnt2JGhiw8A81m9ZG qO9j7Sn9R+O7GMpLIBZuAD45/fvBAUxn5hr35J1+htb8BnEh7qli+C8nhhzMeA5BcPTz t5IG4wUlQmggQHjC1Ik8Z1DfmuRldprsnChLbgZpTKVvFvxVNBilKsu3875GQLcC4Sqw GoT8L2pl6upe5qPzZM8lcaPgbalFXUyC1hIAbf5nqM/XFO8g2Pi2D2saNE0kyauDeFCg Ncjow5LVVfDYIj7/sNOKg2eSPVWRSM4gSkhGSmkMTdwJk4SL69keGNa8AgdXTmtFsgof FCEA== X-Gm-Message-State: AOAM533B9KtY+nIJzv9scZheeqKdHgFDQuid22crOjMcvcRz/K1YWJkQ k0bTbd4yHqyjHTWUe5bZ1qkHngZ/xi2sfUb7wb/gQn2wMypS31DiMDPLW5pmrMwK9j3QNHFRste +gBzcxua0u54QkbRI X-Received: by 2002:a7b:cbd0:: with SMTP id n16mr7446087wmi.123.1595624609927; Fri, 24 Jul 2020 14:03:29 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzXncqslqFYJcjJp3xLZ0dpj2rRxKMBdleqNd2aVAPXwTieAxUePJCaFOyCda87dYpDe4qA2Q== X-Received: by 2002:a7b:cbd0:: with SMTP id n16mr7446061wmi.123.1595624609455; Fri, 24 Jul 2020 14:03:29 -0700 (PDT) Received: from pc-2.home (2a01cb058529bf0075b0798a7f5975cb.ipv6.abo.wanadoo.fr. [2a01:cb05:8529:bf00:75b0:798a:7f59:75cb]) by smtp.gmail.com with ESMTPSA id t202sm8487273wmt.20.2020.07.24.14.03.28 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 24 Jul 2020 14:03:28 -0700 (PDT) Date: Fri, 24 Jul 2020 23:03:26 +0200 From: Guillaume Nault To: David Miller , Jakub Kicinski Cc: netdev@vger.kernel.org, Martin Varghese , Willem de Bruijn Subject: [PATCH net] bareudp: forbid mixing IP and MPLS in multiproto mode Message-ID: MIME-Version: 1.0 Content-Disposition: inline Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org In multiproto mode, bareudp_xmit() accepts sending multicast MPLS and IPv6 packets regardless of the bareudp ethertype. In practice, this let an IP tunnel send multicast MPLS packets, or an MPLS tunnel send IPv6 packets. We need to restrict the test further, so that the multiproto mode only enables * IPv6 for IPv4 tunnels, * or multicast MPLS for unicast MPLS tunnels. To improve clarity, the protocol validation is moved to its own function, where each logical test has its own condition. Fixes: 4b5f67232d95 ("net: Special handling for IP & MPLS.") Signed-off-by: Guillaume Nault --- drivers/net/bareudp.c | 29 ++++++++++++++++++++++------- 1 file changed, 22 insertions(+), 7 deletions(-) diff --git a/drivers/net/bareudp.c b/drivers/net/bareudp.c index 3dd46cd55114..e97f318f9f06 100644 --- a/drivers/net/bareudp.c +++ b/drivers/net/bareudp.c @@ -407,19 +407,34 @@ static int bareudp6_xmit_skb(struct sk_buff *skb, struct net_device *dev, return err; } +static bool bareudp_proto_valid(struct bareudp_dev *bareudp, __be16 proto) +{ + if (bareudp->ethertype == proto) + return true; + + if (!bareudp->multi_proto_mode) + return false; + + if (bareudp->ethertype == htons(ETH_P_MPLS_UC) && + proto == ntohs(ETH_P_MPLS_MC)) + return true; + + if (bareudp->ethertype == htons(ETH_P_IP) && + proto == ntohs(ETH_P_IPV6)) + return true; + + return false; +} + static netdev_tx_t bareudp_xmit(struct sk_buff *skb, struct net_device *dev) { struct bareudp_dev *bareudp = netdev_priv(dev); struct ip_tunnel_info *info = NULL; int err; - if (skb->protocol != bareudp->ethertype) { - if (!bareudp->multi_proto_mode || - (skb->protocol != htons(ETH_P_MPLS_MC) && - skb->protocol != htons(ETH_P_IPV6))) { - err = -EINVAL; - goto tx_error; - } + if (!bareudp_proto_valid(bareudp, skb->protocol)) { + err = -EINVAL; + goto tx_error; } info = skb_tunnel_info(skb);