ip_tunnels: record IP version in tunnel info

There's currently nothing preventing directing packets with IPv6
encapsulation data to IPv4 tunnels (and vice versa). If this happens,
IPv6 addresses are incorrectly interpreted as IPv4 ones.

Track whether the given ip_tunnel_key contains IPv4 or IPv6 data. Store this
in ip_tunnel_info. Reject packets at appropriate places if they are supposed
to be encapsulated into an incompatible protocol.

Signed-off-by: Jiri Benc <jbenc@redhat.com>
Acked-by: Alexei Starovoitov <ast@plumgrid.com>
Acked-by: Thomas Graf <tgraf@suug.ch>
Acked-by: Pravin B Shelar <pshelar@nicira.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

diff --git a/drivers/net/geneve.c b/drivers/net/geneve.c
index 4a39c09f144c078d994ba11bba0315d5cd2c1633..3908a22f23d187cfbd4e87e376b93181b85efb06 100644 (file)
--- a/drivers/net/geneve.c
+++ b/drivers/net/geneve.c
@@ -627,6 +627,8 @@ static netdev_tx_t geneve_xmit(struct sk_buff *skb, struct net_device *dev)
                        netdev_dbg(dev, "no tunnel metadata\n");
                        goto tx_error;
                }
+               if (info && ip_tunnel_info_af(info) != AF_INET)
+                       goto tx_error;
        }
 
        rt = geneve_get_rt(skb, dev, &fl4, info);

diff --git a/drivers/net/vxlan.c b/drivers/net/vxlan.c
index bd1b8cdf2bf6febf06cd8016f5e27d0e44937229..e3adfe0ef66b30ff34d982f78a90e3accec9b552 100644 (file)
--- a/drivers/net/vxlan.c
+++ b/drivers/net/vxlan.c
@@ -1903,6 +1903,8 @@ static void vxlan_xmit_one(struct sk_buff *skb, struct net_device *dev,
                                  dev->name);
                        goto drop;
                }
+               if (family != ip_tunnel_info_af(info))
+                       goto drop;
 
                dst_port = info->key.tp_dst ? : vxlan->cfg.dst_port;
                vni = be64_to_cpu(info->key.tun_id);

diff --git a/include/net/dst_metadata.h b/include/net/dst_metadata.h
index 2b83f0d232e09949f1c99fc6164590401ebb0927..d32f49cc621d22935572e15b6a68a9958878d2ea 100644 (file)
--- a/include/net/dst_metadata.h
+++ b/include/net/dst_metadata.h
@@ -105,6 +105,7 @@ static inline struct metadata_dst *ipv6_tun_rx_dst(struct sk_buff *skb,
        info->key.u.ipv6.dst = ip6h->daddr;
        info->key.tos = ipv6_get_dsfield(ip6h);
        info->key.ttl = ip6h->hop_limit;
+       info->mode = IP_TUNNEL_INFO_IPV6;
        return tun_dst;
 }
 

diff --git a/include/net/ip_tunnels.h b/include/net/ip_tunnels.h
index 9bdb3948798fd14569f82dddadd41ef5fe1254b5..2b4fa06e91bdee117f78d87a782e6024570bd296 100644 (file)
--- a/include/net/ip_tunnels.h
+++ b/include/net/ip_tunnels.h
@@ -4,6 +4,7 @@
 #include <linux/if_tunnel.h>
 #include <linux/netdevice.h>
 #include <linux/skbuff.h>
+#include <linux/socket.h>
 #include <linux/types.h>
 #include <linux/u64_stats_sync.h>
 #include <net/dsfield.h>
@@ -52,6 +53,7 @@ struct ip_tunnel_key {
 
 /* Flags for ip_tunnel_info mode. */
 #define IP_TUNNEL_INFO_TX      0x01    /* represents tx tunnel parameters */
+#define IP_TUNNEL_INFO_IPV6    0x02    /* key contains IPv6 addresses */
 
 struct ip_tunnel_info {
        struct ip_tunnel_key    key;
@@ -208,6 +210,8 @@ static inline void __ip_tunnel_info_init(struct ip_tunnel_info *tun_info,
 
        tun_info->options = opts;
        tun_info->options_len = opts_len;
+
+       tun_info->mode = 0;
 }
 
 static inline void ip_tunnel_info_init(struct ip_tunnel_info *tun_info,
@@ -221,6 +225,12 @@ static inline void ip_tunnel_info_init(struct ip_tunnel_info *tun_info,
                              tun_id, tun_flags, opts, opts_len);
 }
 
+static inline unsigned short ip_tunnel_info_af(const struct ip_tunnel_info
+                                              *tun_info)
+{
+       return tun_info->mode & IP_TUNNEL_INFO_IPV6 ? AF_INET6 : AF_INET;
+}
+
 #ifdef CONFIG_INET
 
 int ip_tunnel_init(struct net_device *dev);

diff --git a/net/core/filter.c b/net/core/filter.c
index 66500d490995190ab8c890cf1ca2eaa0ef78a8e6..13079f03902e7674b7cd71bf01ca1d12844c758b 100644 (file)
--- a/net/core/filter.c
+++ b/net/core/filter.c
@@ -1493,6 +1493,8 @@ static u64 bpf_skb_get_tunnel_key(u64 r1, u64 r2, u64 size, u64 flags, u64 r5)
 
        if (unlikely(size != sizeof(struct bpf_tunnel_key) || flags || !info))
                return -EINVAL;
+       if (ip_tunnel_info_af(info) != AF_INET)
+               return -EINVAL;
 
        to->tunnel_id = be64_to_cpu(info->key.tun_id);
        to->remote_ipv4 = be32_to_cpu(info->key.u.ipv4.src);

diff --git a/net/ipv4/ip_gre.c b/net/ipv4/ip_gre.c
index 1e813a9f9378f8520dae4ee28cf0740d6a2796b7..bd0679d90519b170dc98369e9b438e4c31b152b9 100644 (file)
--- a/net/ipv4/ip_gre.c
+++ b/net/ipv4/ip_gre.c
@@ -511,7 +511,8 @@ static void gre_fb_xmit(struct sk_buff *skb, struct net_device *dev)
        int err;
 
        tun_info = skb_tunnel_info(skb);
-       if (unlikely(!tun_info || !(tun_info->mode & IP_TUNNEL_INFO_TX)))
+       if (unlikely(!tun_info || !(tun_info->mode & IP_TUNNEL_INFO_TX) ||
+                    ip_tunnel_info_af(tun_info) != AF_INET))
                goto err_free_skb;
 
        key = &tun_info->key;

diff --git a/net/ipv4/ip_tunnel_core.c b/net/ipv4/ip_tunnel_core.c
index 934f2ac8ad610838b8a6611a4fecac5849f3afef..0c756ade1cf715ac74b593714597a8aa4401ea6e 100644 (file)
--- a/net/ipv4/ip_tunnel_core.c
+++ b/net/ipv4/ip_tunnel_core.c
@@ -356,7 +356,7 @@ static int ip6_tun_build_state(struct net_device *dev, struct nlattr *attr,
        if (tb[LWTUNNEL_IP6_FLAGS])
                tun_info->key.tun_flags = nla_get_u16(tb[LWTUNNEL_IP6_FLAGS]);
 
-       tun_info->mode = IP_TUNNEL_INFO_TX;
+       tun_info->mode = IP_TUNNEL_INFO_TX | IP_TUNNEL_INFO_IPV6;
        tun_info->options = NULL;
        tun_info->options_len = 0;
 

diff --git a/net/openvswitch/flow.c b/net/openvswitch/flow.c
index 5a3195e538ce588ca6889bce445f61d02cf59894..9760dc43bdb99815dc4af7dd8e2c1a34a184a27b 100644 (file)
--- a/net/openvswitch/flow.c
+++ b/net/openvswitch/flow.c
@@ -688,6 +688,8 @@ int ovs_flow_key_extract(const struct ip_tunnel_info *tun_info,
 {
        /* Extract metadata from packet. */
        if (tun_info) {
+               if (ip_tunnel_info_af(tun_info) != AF_INET)
+                       return -EINVAL;
                memcpy(&key->tun_key, &tun_info->key, sizeof(key->tun_key));
 
                if (tun_info->options) {

diff --git a/net/openvswitch/vport.c b/net/openvswitch/vport.c
index e2dc9dac59e689bd0edbb9ddc7f0d6932f97da7e..40164037928e7e8a28a98a9ca7f48c51cdefe343 100644 (file)
--- a/net/openvswitch/vport.c
+++ b/net/openvswitch/vport.c
@@ -587,6 +587,8 @@ int ovs_tunnel_get_egress_info(struct ip_tunnel_info *egress_tun_info,
 
        if (unlikely(!tun_info))
                return -EINVAL;
+       if (ip_tunnel_info_af(tun_info) != AF_INET)
+               return -EINVAL;
 
        tun_key = &tun_info->key;