diff options
| author | Ansis Atteka <aatteka@nicira.com> | 2013-09-18 18:29:53 -0400 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2013-09-19 14:11:15 -0400 |
| commit | 703133de331a7a7df47f31fb9de51dc6f68a9de8 (patch) | |
| tree | 0c6c49e15c9461cd3a563d17062a866d2fafd6fa /net/ipv4 | |
| parent | 749154aa56b57652a282cbde57a57abc278d1205 (diff) | |
ip: generate unique IP identificator if local fragmentation is allowed
If local fragmentation is allowed, then ip_select_ident() and
ip_select_ident_more() need to generate unique IDs to ensure
correct defragmentation on the peer.
For example, if IPsec (tunnel mode) has to encrypt large skbs
that have local_df bit set, then all IP fragments that belonged
to different ESP datagrams would have used the same identificator.
If one of these IP fragments would get lost or reordered, then
peer could possibly stitch together wrong IP fragments that did
not belong to the same datagram. This would lead to a packet loss
or data corruption.
Signed-off-by: Ansis Atteka <aatteka@nicira.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv4')
| -rw-r--r-- | net/ipv4/igmp.c | 4 | ||||
| -rw-r--r-- | net/ipv4/inetpeer.c | 4 | ||||
| -rw-r--r-- | net/ipv4/ip_output.c | 6 | ||||
| -rw-r--r-- | net/ipv4/ipmr.c | 2 | ||||
| -rw-r--r-- | net/ipv4/raw.c | 2 | ||||
| -rw-r--r-- | net/ipv4/xfrm4_mode_tunnel.c | 2 |
6 files changed, 10 insertions, 10 deletions
diff --git a/net/ipv4/igmp.c b/net/ipv4/igmp.c index d6c0e64ec97f..dace87f06e5f 100644 --- a/net/ipv4/igmp.c +++ b/net/ipv4/igmp.c | |||
| @@ -369,7 +369,7 @@ static struct sk_buff *igmpv3_newpack(struct net_device *dev, int size) | |||
| 369 | pip->saddr = fl4.saddr; | 369 | pip->saddr = fl4.saddr; |
| 370 | pip->protocol = IPPROTO_IGMP; | 370 | pip->protocol = IPPROTO_IGMP; |
| 371 | pip->tot_len = 0; /* filled in later */ | 371 | pip->tot_len = 0; /* filled in later */ |
| 372 | ip_select_ident(pip, &rt->dst, NULL); | 372 | ip_select_ident(skb, &rt->dst, NULL); |
| 373 | ((u8 *)&pip[1])[0] = IPOPT_RA; | 373 | ((u8 *)&pip[1])[0] = IPOPT_RA; |
| 374 | ((u8 *)&pip[1])[1] = 4; | 374 | ((u8 *)&pip[1])[1] = 4; |
| 375 | ((u8 *)&pip[1])[2] = 0; | 375 | ((u8 *)&pip[1])[2] = 0; |
| @@ -714,7 +714,7 @@ static int igmp_send_report(struct in_device *in_dev, struct ip_mc_list *pmc, | |||
| 714 | iph->daddr = dst; | 714 | iph->daddr = dst; |
| 715 | iph->saddr = fl4.saddr; | 715 | iph->saddr = fl4.saddr; |
| 716 | iph->protocol = IPPROTO_IGMP; | 716 | iph->protocol = IPPROTO_IGMP; |
| 717 | ip_select_ident(iph, &rt->dst, NULL); | 717 | ip_select_ident(skb, &rt->dst, NULL); |
| 718 | ((u8 *)&iph[1])[0] = IPOPT_RA; | 718 | ((u8 *)&iph[1])[0] = IPOPT_RA; |
| 719 | ((u8 *)&iph[1])[1] = 4; | 719 | ((u8 *)&iph[1])[1] = 4; |
| 720 | ((u8 *)&iph[1])[2] = 0; | 720 | ((u8 *)&iph[1])[2] = 0; |
diff --git a/net/ipv4/inetpeer.c b/net/ipv4/inetpeer.c index 000e3d239d64..33d5537881ed 100644 --- a/net/ipv4/inetpeer.c +++ b/net/ipv4/inetpeer.c | |||
| @@ -32,8 +32,8 @@ | |||
| 32 | * At the moment of writing this notes identifier of IP packets is generated | 32 | * At the moment of writing this notes identifier of IP packets is generated |
| 33 | * to be unpredictable using this code only for packets subjected | 33 | * to be unpredictable using this code only for packets subjected |
| 34 | * (actually or potentially) to defragmentation. I.e. DF packets less than | 34 | * (actually or potentially) to defragmentation. I.e. DF packets less than |
| 35 | * PMTU in size uses a constant ID and do not use this code (see | 35 | * PMTU in size when local fragmentation is disabled use a constant ID and do |
| 36 | * ip_select_ident() in include/net/ip.h). | 36 | * not use this code (see ip_select_ident() in include/net/ip.h). |
| 37 | * | 37 | * |
| 38 | * Route cache entries hold references to our nodes. | 38 | * Route cache entries hold references to our nodes. |
| 39 | * New cache entries get references via lookup by destination IP address in | 39 | * New cache entries get references via lookup by destination IP address in |
diff --git a/net/ipv4/ip_output.c b/net/ipv4/ip_output.c index eae2e262fbe5..a04d872c54f9 100644 --- a/net/ipv4/ip_output.c +++ b/net/ipv4/ip_output.c | |||
| @@ -148,7 +148,7 @@ int ip_build_and_send_pkt(struct sk_buff *skb, struct sock *sk, | |||
| 148 | iph->daddr = (opt && opt->opt.srr ? opt->opt.faddr : daddr); | 148 | iph->daddr = (opt && opt->opt.srr ? opt->opt.faddr : daddr); |
| 149 | iph->saddr = saddr; | 149 | iph->saddr = saddr; |
| 150 | iph->protocol = sk->sk_protocol; | 150 | iph->protocol = sk->sk_protocol; |
| 151 | ip_select_ident(iph, &rt->dst, sk); | 151 | ip_select_ident(skb, &rt->dst, sk); |
| 152 | 152 | ||
| 153 | if (opt && opt->opt.optlen) { | 153 | if (opt && opt->opt.optlen) { |
| 154 | iph->ihl += opt->opt.optlen>>2; | 154 | iph->ihl += opt->opt.optlen>>2; |
| @@ -386,7 +386,7 @@ packet_routed: | |||
| 386 | ip_options_build(skb, &inet_opt->opt, inet->inet_daddr, rt, 0); | 386 | ip_options_build(skb, &inet_opt->opt, inet->inet_daddr, rt, 0); |
| 387 | } | 387 | } |
| 388 | 388 | ||
| 389 | ip_select_ident_more(iph, &rt->dst, sk, | 389 | ip_select_ident_more(skb, &rt->dst, sk, |
| 390 | (skb_shinfo(skb)->gso_segs ?: 1) - 1); | 390 | (skb_shinfo(skb)->gso_segs ?: 1) - 1); |
| 391 | 391 | ||
| 392 | skb->priority = sk->sk_priority; | 392 | skb->priority = sk->sk_priority; |
| @@ -1324,7 +1324,7 @@ struct sk_buff *__ip_make_skb(struct sock *sk, | |||
| 1324 | iph->ttl = ttl; | 1324 | iph->ttl = ttl; |
| 1325 | iph->protocol = sk->sk_protocol; | 1325 | iph->protocol = sk->sk_protocol; |
| 1326 | ip_copy_addrs(iph, fl4); | 1326 | ip_copy_addrs(iph, fl4); |
| 1327 | ip_select_ident(iph, &rt->dst, sk); | 1327 | ip_select_ident(skb, &rt->dst, sk); |
| 1328 | 1328 | ||
| 1329 | if (opt) { | 1329 | if (opt) { |
| 1330 | iph->ihl += opt->optlen>>2; | 1330 | iph->ihl += opt->optlen>>2; |
diff --git a/net/ipv4/ipmr.c b/net/ipv4/ipmr.c index 9ae54b09254f..62212c772a4b 100644 --- a/net/ipv4/ipmr.c +++ b/net/ipv4/ipmr.c | |||
| @@ -1658,7 +1658,7 @@ static void ip_encap(struct sk_buff *skb, __be32 saddr, __be32 daddr) | |||
| 1658 | iph->protocol = IPPROTO_IPIP; | 1658 | iph->protocol = IPPROTO_IPIP; |
| 1659 | iph->ihl = 5; | 1659 | iph->ihl = 5; |
| 1660 | iph->tot_len = htons(skb->len); | 1660 | iph->tot_len = htons(skb->len); |
| 1661 | ip_select_ident(iph, skb_dst(skb), NULL); | 1661 | ip_select_ident(skb, skb_dst(skb), NULL); |
| 1662 | ip_send_check(iph); | 1662 | ip_send_check(iph); |
| 1663 | 1663 | ||
| 1664 | memset(&(IPCB(skb)->opt), 0, sizeof(IPCB(skb)->opt)); | 1664 | memset(&(IPCB(skb)->opt), 0, sizeof(IPCB(skb)->opt)); |
diff --git a/net/ipv4/raw.c b/net/ipv4/raw.c index a86c7ae71881..bfec521c717f 100644 --- a/net/ipv4/raw.c +++ b/net/ipv4/raw.c | |||
| @@ -387,7 +387,7 @@ static int raw_send_hdrinc(struct sock *sk, struct flowi4 *fl4, | |||
| 387 | iph->check = 0; | 387 | iph->check = 0; |
| 388 | iph->tot_len = htons(length); | 388 | iph->tot_len = htons(length); |
| 389 | if (!iph->id) | 389 | if (!iph->id) |
| 390 | ip_select_ident(iph, &rt->dst, NULL); | 390 | ip_select_ident(skb, &rt->dst, NULL); |
| 391 | 391 | ||
| 392 | iph->check = ip_fast_csum((unsigned char *)iph, iph->ihl); | 392 | iph->check = ip_fast_csum((unsigned char *)iph, iph->ihl); |
| 393 | } | 393 | } |
diff --git a/net/ipv4/xfrm4_mode_tunnel.c b/net/ipv4/xfrm4_mode_tunnel.c index eb1dd4d643f2..b5663c37f089 100644 --- a/net/ipv4/xfrm4_mode_tunnel.c +++ b/net/ipv4/xfrm4_mode_tunnel.c | |||
| @@ -117,7 +117,7 @@ static int xfrm4_mode_tunnel_output(struct xfrm_state *x, struct sk_buff *skb) | |||
| 117 | 117 | ||
| 118 | top_iph->frag_off = (flags & XFRM_STATE_NOPMTUDISC) ? | 118 | top_iph->frag_off = (flags & XFRM_STATE_NOPMTUDISC) ? |
| 119 | 0 : (XFRM_MODE_SKB_CB(skb)->frag_off & htons(IP_DF)); | 119 | 0 : (XFRM_MODE_SKB_CB(skb)->frag_off & htons(IP_DF)); |
| 120 | ip_select_ident(top_iph, dst->child, NULL); | 120 | ip_select_ident(skb, dst->child, NULL); |
| 121 | 121 | ||
| 122 | top_iph->ttl = ip4_dst_hoplimit(dst->child); | 122 | top_iph->ttl = ip4_dst_hoplimit(dst->child); |
| 123 | 123 | ||