2017-12-20 02:22:04

by Haishuang Yan

Subject: [PATCH v3,net-next 0/2] net: erspan: fix erspan_rcv/ip6erspan_rcv error path

This patch series fix potential issue in error path.

Haishuang Yan (2):
ip_gre: fix error path when erspan_rcv failed
ip6_gre: fix error path when ip6erspan_rcv failed

net/ipv4/ip_gre.c | 2 ++
net/ipv6/ip6_gre.c | 3 ++-
2 files changed, 4 insertions(+), 1 deletion(-)

--
1.8.3.1

2017-12-20 02:22:14

by Haishuang Yan

Subject: [PATCH v3,net-next 1/2] ip_gre: fix error path when erspan_rcv failed

When erspan_rcv call return PACKET_REJECT, we shoudn't call ipgre_rcv to
process packets again, instead send icmp unreachable message in error
path.

Fixes: 84e54fe0a5ea ("gre: introduce native tunnel support for ERSPAN")
Acked-by: William Tu <[email protected]>
Cc: William Tu <[email protected]>
Signed-off-by: Haishuang Yan <[email protected]>

---
Change since v3:
* Rebase on latest master branch.
* Fix wrong commit information.
---
net/ipv4/ip_gre.c | 2 ++
1 file changed, 2 insertions(+)

diff --git a/net/ipv4/ip_gre.c b/net/ipv4/ip_gre.c
index 3029e3e..90c9123 100644
--- a/net/ipv4/ip_gre.c
+++ b/net/ipv4/ip_gre.c
@@ -436,11 +436,13 @@ static int gre_rcv(struct sk_buff *skb)
tpi.proto == htons(ETH_P_ERSPAN2))) {
if (erspan_rcv(skb, &tpi, hdr_len) == PACKET_RCVD)
return 0;
+ goto out;
}

if (ipgre_rcv(skb, &tpi, hdr_len) == PACKET_RCVD)
return 0;

+out:
icmp_send(skb, ICMP_DEST_UNREACH, ICMP_PORT_UNREACH, 0);
drop:
kfree_skb(skb);
--
1.8.3.1

2017-12-20 02:22:27

by Haishuang Yan

Subject: [PATCH v3,net-next 2/2] ip6_gre: fix error path when ip6erspan_rcv failed

Same as ipv4 code, when ip6erspan_rcv call return PACKET_REJECT, we
should call icmpv6_send to send icmp unreachable message in error path.

Fixes: 5a963eb61b7c ("ip6_gre: Add ERSPAN native tunnel support")
Acked-by: William Tu <[email protected]>
Cc: William Tu <[email protected]>
Signed-off-by: Haishuang Yan <[email protected]>

---
Change since v2:
* Rebase on latest master branch.
* Fix wrong commit information.
---
net/ipv6/ip6_gre.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/net/ipv6/ip6_gre.c b/net/ipv6/ip6_gre.c
index 45038a9..8451d00 100644
--- a/net/ipv6/ip6_gre.c
+++ b/net/ipv6/ip6_gre.c
@@ -604,12 +604,13 @@ static int gre_rcv(struct sk_buff *skb)
tpi.proto == htons(ETH_P_ERSPAN2))) {
if (ip6erspan_rcv(skb, hdr_len, &tpi) == PACKET_RCVD)
return 0;
- goto drop;
+ goto out;
}

if (ip6gre_rcv(skb, &tpi) == PACKET_RCVD)
return 0;

+out:
icmpv6_send(skb, ICMPV6_DEST_UNREACH, ICMPV6_PORT_UNREACH, 0);
drop:
kfree_skb(skb);
--
1.8.3.1

2017-12-20 18:53:05

by David Miller

Subject: Re: [PATCH v3,net-next 1/2] ip_gre: fix error path when erspan_rcv failed

From: Haishuang Yan <[email protected]>
Date: Wed, 20 Dec 2017 10:21:46 +0800

> When erspan_rcv call return PACKET_REJECT, we shoudn't call ipgre_rcv to
> process packets again, instead send icmp unreachable message in error
> path.
>
> Fixes: 84e54fe0a5ea ("gre: introduce native tunnel support for ERSPAN")
> Acked-by: William Tu <[email protected]>
> Cc: William Tu <[email protected]>
> Signed-off-by: Haishuang Yan <[email protected]>

Applied.

2017-12-20 18:53:17

by David Miller

Subject: Re: [PATCH v3,net-next 2/2] ip6_gre: fix error path when ip6erspan_rcv failed

From: Haishuang Yan <[email protected]>
Date: Wed, 20 Dec 2017 10:21:47 +0800

> Same as ipv4 code, when ip6erspan_rcv call return PACKET_REJECT, we
> should call icmpv6_send to send icmp unreachable message in error path.
>
> Fixes: 5a963eb61b7c ("ip6_gre: Add ERSPAN native tunnel support")
> Acked-by: William Tu <[email protected]>
> Cc: William Tu <[email protected]>
> Signed-off-by: Haishuang Yan <[email protected]>

Applied.