On Fri, Aug 28, 2015 at 7:27 AM, Jiri Benc <[email protected]> wrote: > There's currently nothing preventing directing packets with IPv6 > encapsulation data to IPv4 tunnels (and vice versa). If this happens, > IPv6 addresses are incorrectly interpreted as IPv4 ones. > > Track whether the given ip_tunnel_key contains IPv4 or IPv6 data. Store this > in ip_tunnel_info. Reject packets at appropriate places if they are supposed > to be encapsulated into an incompatible protocol. > > Signed-off-by: Jiri Benc <[email protected]> > --- > drivers/net/geneve.c | 3 +++ > drivers/net/vxlan.c | 2 ++ > include/net/dst_metadata.h | 1 + > include/net/ip_tunnels.h | 10 ++++++++++ > net/core/filter.c | 2 ++ > net/ipv4/ip_gre.c | 3 ++- > net/ipv4/ip_tunnel_core.c | 2 +- > net/openvswitch/flow.c | 2 ++ > net/openvswitch/vport.c | 2 ++ > 9 files changed, 25 insertions(+), 2 deletions(-) > > diff --git a/drivers/net/geneve.c b/drivers/net/geneve.c > index 4357bae732d7..d4882d7904f6 100644 > --- a/drivers/net/geneve.c > +++ b/drivers/net/geneve.c > @@ -644,6 +644,9 @@ static netdev_tx_t geneve_xmit(struct sk_buff *skb, > struct net_device *dev) > u8 *opts = NULL; > u8 vni[3]; > > + if (ip_tunnel_info_af(info) != AF_INET) > + goto err; > + geneve_get_rt() already interpreted the info as ipv4 tunnel info.
We can avoid such bugs by introducing a separate API to retrieve ipv4 and ipv6 tunnel info. Something like skb_tunnel_info_v4()/skb_tunnel_info_v6() for ipv4 and ipv6.
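
Review bot: in the geneve_xmit() hunk, the new ip_tunnel_info_af(info) != AF_INET check sits directly after the local declarations, and the visible context does not show whether anything earlier in the function has already read the tunnel key as IPv4 (the reply above says geneve_get_rt() has) or whether info can be NULL at this point. The address-family test should come before the first consumer of the key, with a NULL info handled ahead of it, so that an IPv6 key is rejected before its address bytes are ever interpreted as IPv4. It is also worth confirming that the existing err label frees the skb and accounts for the drop, since the hunk reuses that path without showing it.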
