Received: by 2002:a05:6358:bb9e:b0:b9:5105:a5b4 with SMTP id df30csp4527750rwb; Tue, 6 Sep 2022 08:43:45 -0700 (PDT) X-Google-Smtp-Source: AA6agR5FfErgL5fRSxsmJHz0CBrEaZCSngzoeo/4ll2on4qYlmAuZiKOWV4x8SfciDT8nrFIGiuj X-Received: by 2002:a05:6a00:2291:b0:539:d5b8:4ecc with SMTP id f17-20020a056a00229100b00539d5b84eccmr37130472pfe.79.1662479023496; Tue, 06 Sep 2022 08:43:43 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1662479023; cv=none; d=google.com; s=arc-20160816; b=vPBq00FAA4eW4+7xd3WPeVWoAyevMYDobo+FqNhzptBHl8WPzFCgJM6yG1qh4TC4jA M//kG9sMgY/wZq6+/CRKUnzQuoS5yOp7In2gpUTOLjyww2oabGEnuHgg1HfJKeO97CL0 k2OoZ5UM6yGai/MR3BjRhgasW+sKk17HBqZyo8SYmJ21xW8gkXmegDGZXzN/N4t5biY2 Q0LHCROcOb8R2o+Tj41Hw4JzMXcO60Q9qYfkQZu6RTB08fdJ6j/uy/o1Jzt1YB0ywzw3 /jmEIl3LWkcicjdXFYky3oigIbA/KT9/987kNwWZRxkOkT3ysHUK/VOQazYX3Bi/soUe gBig== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=XU6U6pNoHh2TJNa/qKA2Eh0mAzj+MfZu2di+k0nNy4U=; b=JvTmYrCBtOIRAIHx8wIpE4J6yXsUUIQryfTuNGLxq9RKesMSiNaX35EmE60RrvJnUe KvoAcp5gqoy881bn5uOrFAapkBfXD1XT9ftmD5gA+MyTVtrSJ71EWHgO1npqcVBUMSwN vr15DFKGZlVy8wmygmnydLPP4BOOq7wBH6fOHY+0lUgNZKWbena2DRbSYqOdeQ1oEX90 Jhasn3hZYv7igRiNjHoyzgwlNvVHozNImy5IYdyYM9riBBG6Wr2kck7bFwXU7MNmE3+C WXUjsNdo3P8AoLSO6hk6DOUR0MxvZudI1mF5h2CnelIYXx2AK/bu59ao0Lz1DgNarU9y ByYQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=Tg6n4Ug0; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id u21-20020a656715000000b0042c707478d5si13575916pgf.362.2022.09.06.08.43.30; Tue, 06 Sep 2022 08:43:43 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=Tg6n4Ug0; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S240817AbiIFN6i (ORCPT + 99 others); Tue, 6 Sep 2022 09:58:38 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:57482 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S239694AbiIFNz5 (ORCPT ); Tue, 6 Sep 2022 09:55:57 -0400 Received: from ams.source.kernel.org (ams.source.kernel.org [IPv6:2604:1380:4601:e00::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 47FA782771; Tue, 6 Sep 2022 06:42:08 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id 9CD9AB818C2; Tue, 6 Sep 2022 13:41:59 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id D5EF1C433B5; Tue, 6 Sep 2022 13:41:57 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1662471718; bh=peJCUCPW5ynryEAfWIi/9si/ifz63uPjfizjrhUdKYM=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=Tg6n4Ug0vlfADzbTAATmFZD+MevRRK7P6PIUHrdZ0OLqc8MHdrHiJ8enR8fZZdLO0 zdL4xhjWvvvPerdG20SbnMFJcG+XWtgVMIyNmLyvlOmngfDhmJnz7LF+5jaFbXiHj0 gnylEOfSWzZw0Amr4Tp0+c46qfzKNmE8RjBaMy5w= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Eyal Birger , Daniel Borkmann , Paul Chaignon , Sasha Levin Subject: [PATCH 5.19 015/155] ip_tunnel: Respect tunnel keys "flow_flags" in IP tunnels Date: Tue, 6 Sep 2022 15:29:23 +0200 Message-Id: <20220906132830.066867248@linuxfoundation.org> X-Mailer: git-send-email 2.37.3 In-Reply-To: <20220906132829.417117002@linuxfoundation.org> References: <20220906132829.417117002@linuxfoundation.org> User-Agent: quilt/0.67 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-7.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_HI, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Eyal Birger [ Upstream commit 7ec9fce4b31604f8415136a4c07f7dc8ad431aec ] Commit 451ef36bd229 ("ip_tunnels: Add new flow flags field to ip_tunnel_key") added a "flow_flags" member to struct ip_tunnel_key which was later used by the commit in the fixes tag to avoid dropping packets with sources that aren't locally configured when set in bpf_set_tunnel_key(). VXLAN and GENEVE were made to respect this flag, ip tunnels like IPIP and GRE were not. This commit fixes this omission by making ip_tunnel_init_flow() receive the flow flags from the tunnel key in the relevant collect_md paths. Fixes: b8fff748521c ("bpf: Set flow flag to allow any source IP in bpf_tunnel_key") Signed-off-by: Eyal Birger Signed-off-by: Daniel Borkmann Reviewed-by: Paul Chaignon Link: https://lore.kernel.org/bpf/20220818074118.726639-1-eyal.birger@gmail.com Signed-off-by: Sasha Levin --- drivers/net/ethernet/mellanox/mlxsw/spectrum_span.c | 3 ++- include/net/ip_tunnels.h | 4 +++- net/ipv4/ip_gre.c | 2 +- net/ipv4/ip_tunnel.c | 7 ++++--- 4 files changed, 10 insertions(+), 6 deletions(-) diff --git a/drivers/net/ethernet/mellanox/mlxsw/spectrum_span.c b/drivers/net/ethernet/mellanox/mlxsw/spectrum_span.c index fe663b0ab7086..68d87e61bdc05 100644 --- a/drivers/net/ethernet/mellanox/mlxsw/spectrum_span.c +++ b/drivers/net/ethernet/mellanox/mlxsw/spectrum_span.c @@ -423,7 +423,8 @@ mlxsw_sp_span_gretap4_route(const struct net_device *to_dev, parms = mlxsw_sp_ipip_netdev_parms4(to_dev); ip_tunnel_init_flow(&fl4, parms.iph.protocol, *daddrp, *saddrp, - 0, 0, dev_net(to_dev), parms.link, tun->fwmark, 0); + 0, 0, dev_net(to_dev), parms.link, tun->fwmark, 0, + 0); rt = ip_route_output_key(tun->net, &fl4); if (IS_ERR(rt)) diff --git a/include/net/ip_tunnels.h b/include/net/ip_tunnels.h index 20f60d9da7418..cf1f22c01ed3d 100644 --- a/include/net/ip_tunnels.h +++ b/include/net/ip_tunnels.h @@ -246,7 +246,8 @@ static inline void ip_tunnel_init_flow(struct flowi4 *fl4, __be32 daddr, __be32 saddr, __be32 key, __u8 tos, struct net *net, int oif, - __u32 mark, __u32 tun_inner_hash) + __u32 mark, __u32 tun_inner_hash, + __u8 flow_flags) { memset(fl4, 0, sizeof(*fl4)); @@ -263,6 +264,7 @@ static inline void ip_tunnel_init_flow(struct flowi4 *fl4, fl4->fl4_gre_key = key; fl4->flowi4_mark = mark; fl4->flowi4_multipath_hash = tun_inner_hash; + fl4->flowi4_flags = flow_flags; } int ip_tunnel_init(struct net_device *dev); diff --git a/net/ipv4/ip_gre.c b/net/ipv4/ip_gre.c index 5c58e21f724e9..f866d6282b2b3 100644 --- a/net/ipv4/ip_gre.c +++ b/net/ipv4/ip_gre.c @@ -609,7 +609,7 @@ static int gre_fill_metadata_dst(struct net_device *dev, struct sk_buff *skb) ip_tunnel_init_flow(&fl4, IPPROTO_GRE, key->u.ipv4.dst, key->u.ipv4.src, tunnel_id_to_key32(key->tun_id), key->tos & ~INET_ECN_MASK, dev_net(dev), 0, - skb->mark, skb_get_hash(skb)); + skb->mark, skb_get_hash(skb), key->flow_flags); rt = ip_route_output_key(dev_net(dev), &fl4); if (IS_ERR(rt)) return PTR_ERR(rt); diff --git a/net/ipv4/ip_tunnel.c b/net/ipv4/ip_tunnel.c index 94017a8c39945..1ad8809fc2e3b 100644 --- a/net/ipv4/ip_tunnel.c +++ b/net/ipv4/ip_tunnel.c @@ -295,7 +295,7 @@ static int ip_tunnel_bind_dev(struct net_device *dev) ip_tunnel_init_flow(&fl4, iph->protocol, iph->daddr, iph->saddr, tunnel->parms.o_key, RT_TOS(iph->tos), dev_net(dev), - tunnel->parms.link, tunnel->fwmark, 0); + tunnel->parms.link, tunnel->fwmark, 0, 0); rt = ip_route_output_key(tunnel->net, &fl4); if (!IS_ERR(rt)) { @@ -570,7 +570,8 @@ void ip_md_tunnel_xmit(struct sk_buff *skb, struct net_device *dev, } ip_tunnel_init_flow(&fl4, proto, key->u.ipv4.dst, key->u.ipv4.src, tunnel_id_to_key32(key->tun_id), RT_TOS(tos), - dev_net(dev), 0, skb->mark, skb_get_hash(skb)); + dev_net(dev), 0, skb->mark, skb_get_hash(skb), + key->flow_flags); if (tunnel->encap.type != TUNNEL_ENCAP_NONE) goto tx_error; @@ -728,7 +729,7 @@ void ip_tunnel_xmit(struct sk_buff *skb, struct net_device *dev, ip_tunnel_init_flow(&fl4, protocol, dst, tnl_params->saddr, tunnel->parms.o_key, RT_TOS(tos), dev_net(dev), tunnel->parms.link, - tunnel->fwmark, skb_get_hash(skb)); + tunnel->fwmark, skb_get_hash(skb), 0); if (ip_tunnel_encap(skb, tunnel, &protocol, &fl4) < 0) goto tx_error; -- 2.35.1