net/ipv4: Initialize proto and ports in flow struct

Updating the FIB tracepoint for the recent change to allow rules using the protocol and ports exposed a few places where the entries in the flow struct are not initialized. For __fib_validate_source add the call to fib4_rules_early_flow_dissect since it is invoked for the input path. For netfilter, add the memset on the flow struct to avoid future problems like this. In ip_route_input_slow need to set the fields if the skb dissection does not happen. Fixes: bfff4862653b ("net: fib_rules: support for match on ip_proto, sport and dport") Signed-off-by: David Ahern <dsahern@gmail.com> Acked-by: Roopa Prabhu <roopa@cumulusnetworks.com> Signed-off-by: David S. Miller <davem@davemloft.net>
author: David Ahern <dsahern@gmail.com> 2018-05-16 16:36:40 -0400
committer: David S. Miller <davem@davemloft.net> 2018-05-17 14:55:21 -0400
commit: 5a847a6e1477be5bd3f94cc1b7708d7d4a7cd94c (patch)
tree: f115003a688ee3366207745a53eabbe53a533796
parent: 8ab6ffba14a466c7298cb3fd5066d774d2977ad1 (diff)
3 files changed, 14 insertions, 3 deletions
diff --git a/net/ipv4/fib_frontend.c b/net/ipv4/fib_frontend.c
index f05afaf3235c..4d622112bf95 100644
--- a/net/ipv4/fib_frontend.c
+++ b/net/ipv4/fib_frontend.c
@@ -326,10 +326,11 @@ static int __fib_validate_source(struct sk_buff *skb, __be32 src, __be32 dst,
                                 u8 tos, int oif, struct net_device *dev,
                                 int rpf, struct in_device *idev, u32 *itag)
 {
+        struct net *net = dev_net(dev);
+        struct flow_keys flkeys;
        int ret, no_addr;
        struct fib_result res;
        struct flowi4 fl4;
-        struct net *net = dev_net(dev);
        bool dev_match;
        fl4.flowi4_oif = 0;
@@ -347,6 +348,11 @@ static int __fib_validate_source(struct sk_buff *skb, __be32 src, __be32 dst,
        no_addr = idev->ifa_list == NULL;
        fl4.flowi4_mark = IN_DEV_SRC_VMARK(idev) ? skb->mark : 0;
+        if (!fib4_rules_early_flow_dissect(net, skb, &fl4, &flkeys)) {
+                fl4.flowi4_proto = 0;
+                fl4.fl4_sport = 0;
+                fl4.fl4_dport = 0;
+        }
        trace_fib_validate_source(dev, &fl4);
diff --git a/net/ipv4/netfilter/ipt_rpfilter.c b/net/ipv4/netfilter/ipt_rpfilter.c
index fd01f13c896a..12843c9ef142 100644
--- a/net/ipv4/netfilter/ipt_rpfilter.c
+++ b/net/ipv4/netfilter/ipt_rpfilter.c
@@ -89,10 +89,10 @@ static bool rpfilter_mt(const struct sk_buff *skb, struct xt_action_param *par)
                        return true ^ invert;
        }
+        memset(&flow, 0, sizeof(flow));
        flow.flowi4_iif = LOOPBACK_IFINDEX;
        flow.daddr = iph->saddr;
        flow.saddr = rpfilter_get_saddr(iph->daddr);
-        flow.flowi4_oif = 0;
        flow.flowi4_mark = info->flags & XT_RPFILTER_VALID_MARK ? skb->mark : 0;
        flow.flowi4_tos = RT_TOS(iph->tos);
        flow.flowi4_scope = RT_SCOPE_UNIVERSE;
diff --git a/net/ipv4/route.c b/net/ipv4/route.c
index 29268efad247..2cfa1b518f8d 100644
--- a/net/ipv4/route.c
+++ b/net/ipv4/route.c
@@ -1961,8 +1961,13 @@ static int ip_route_input_slow(struct sk_buff *skb, __be32 daddr, __be32 saddr,
        fl4.saddr = saddr;
        fl4.flowi4_uid = sock_net_uid(net, NULL);
-        if (fib4_rules_early_flow_dissect(net, skb, &fl4, &_flkeys))
+        if (fib4_rules_early_flow_dissect(net, skb, &fl4, &_flkeys)) {
                flkeys = &_flkeys;
+        } else {
+                fl4.flowi4_proto = 0;
+                fl4.fl4_sport = 0;
+                fl4.fl4_dport = 0;
+        }
        err = fib_lookup(net, &fl4, res, 0);
        if (err != 0) {
author	David Ahern <dsahern@gmail.com>	2018-05-16 16:36:40 -0400
committer	David S. Miller <davem@davemloft.net>	2018-05-17 14:55:21 -0400
commit	5a847a6e1477be5bd3f94cc1b7708d7d4a7cd94c (patch)
tree	f115003a688ee3366207745a53eabbe53a533796
parent	8ab6ffba14a466c7298cb3fd5066d774d2977ad1 (diff)