Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1752351AbdDNR1y (ORCPT <rfc822;w@1wt.eu>);
        Fri, 14 Apr 2017 13:27:54 -0400
Received: from mail-lf0-f41.google.com ([209.85.215.41]:33071 "EHLO
        mail-lf0-f41.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1751554AbdDNR1t (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 14 Apr 2017 13:27:49 -0400
Subject: Re: [PATCH net-next v2 4/6] vxlan: check valid combinations of
 address scopes
To: Matthias Schiffer <mschiffer@universe-factory.net>,
        davem@davemloft.net, jbenc@redhat.com, hannes@stressinduktion.org,
        pshelar@ovn.org, aduyck@mirantis.com, roopa@cumulusnetworks.com
References: <cover.1492187126.git.mschiffer@universe-factory.net>
 <49cd788f13c2cd3f6a42f34c219c9511cc1f9cec.1492187126.git.mschiffer@universe-factory.net>
Cc: netdev@vger.kernel.org, dev@openvswitch.org,
        linux-kernel@vger.kernel.org
From: Sergei Shtylyov <sergei.shtylyov@cogentembedded.com>
Organization: Cogent Embedded
Message-ID: <0dd0812f-41d7-f4d8-2b40-0ff5b4553cf5@cogentembedded.com>
Date: Fri, 14 Apr 2017 20:27:43 +0300
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101
 Thunderbird/45.8.0
MIME-Version: 1.0
In-Reply-To: <49cd788f13c2cd3f6a42f34c219c9511cc1f9cec.1492187126.git.mschiffer@universe-factory.net>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Length: 2278
Lines: 74

On 04/14/2017 07:44 PM, Matthias Schiffer wrote:

> * Multicast addresses are never valid as local address
> * Link-local IPv6 unicast addresses may only be used as remote when the
>   local address is link-local as well
> * Don't allow link-local IPv6 local/remote addresses without interface
>
> We also store in the flags field if link-local addresses are used for the
> follow-up patches that actually make VXLAN over link-local IPv6 work.
>
> Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
> ---
>
> v2: was "vxlan: don't allow link-local IPv6 local/remote addresses without
> interface" before. v2 does a lot more checks and adds the
> VXLAN_F_IPV6_LINKLOCAL flag.
>
>  drivers/net/vxlan.c | 35 +++++++++++++++++++++++++++++++++++
>  include/net/vxlan.h |  2 ++
>  2 files changed, 37 insertions(+)
>
> diff --git a/drivers/net/vxlan.c b/drivers/net/vxlan.c
> index 07f89b037681..95a71546e8f2 100644
> --- a/drivers/net/vxlan.c
> +++ b/drivers/net/vxlan.c
> @@ -2881,11 +2881,39 @@ static int vxlan_config_validate(struct net *src_net, struct vxlan_config *conf,
>  	if (conf->saddr.sa.sa_family != conf->remote_ip.sa.sa_family)
>  		return -EINVAL;
>
> +	if (vxlan_addr_multicast(&conf->saddr))
> +		return -EINVAL;
> +
>  	if (conf->saddr.sa.sa_family == AF_INET6) {
>  		if (!IS_ENABLED(CONFIG_IPV6))
>  			return -EPFNOSUPPORT;
>  		use_ipv6 = true;
>  		conf->flags |= VXLAN_F_IPV6;
> +
> +		if (!(conf->flags & VXLAN_F_COLLECT_METADATA)) {
> +			int local_type =
> +				ipv6_addr_type(&conf->saddr.sin6.sin6_addr);
> +			int remote_type =
> +				ipv6_addr_type(&conf->remote_ip.sin6.sin6_addr);
> +
> +			if (local_type & IPV6_ADDR_LINKLOCAL) {
> +				if (!(remote_type & IPV6_ADDR_LINKLOCAL) &&
> +				    (remote_type != IPV6_ADDR_ANY)) {
> +					pr_info("invalid combination of address scopes\n");

    Maybe pr_err()?

> +					return -EINVAL;
> +				}
> +
> +				conf->flags |= VXLAN_F_IPV6_LINKLOCAL;
> +			} else {
> +				if (remote_type ==
> +				    (IPV6_ADDR_UNICAST | IPV6_ADDR_LINKLOCAL)) {
> +					pr_info("invalid combination of address scopes\n");

    Here as well...

> +					return -EINVAL;
> +				}
> +
> +				conf->flags &= ~VXLAN_F_IPV6_LINKLOCAL;
> +			}
> +		}
>  	}
>
>  	if (conf->label && !use_ipv6) {
[...]

MBR, Sergei