diff options
| author | Xin Long <lucien.xin@gmail.com> | 2017-09-15 00:00:07 -0400 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2017-09-18 17:50:45 -0400 |
| commit | 76cc0d3282d4b933fa144fa41fbc5318e0fdca24 (patch) | |
| tree | 26a5ae22988c6d75b72d40f79fb91d5a4c1befd2 /net/ipv6/ip6_gre.c | |
| parent | 63ecc3d9436f8012e49dc846d6cb0a85a3433517 (diff) | |
ip6_gre: skb_push ipv6hdr before packing the header in ip6gre_header
Now in ip6gre_header before packing the ipv6 header, it skb_push t->hlen
which only includes encap_hlen + tun_hlen. It means greh and inner header
would be over written by ipv6 stuff and ipv6h might have no chance to set
up.
Jianlin found this issue when using remote any on ip6_gre, the packets he
captured on gre dev are truncated:
22:50:26.210866 Out ethertype IPv6 (0x86dd), length 120: truncated-ip6 -\
8128 bytes missing!(flowlabel 0x92f40, hlim 0, next-header Options (0) \
payload length: 8192) ::1:2000:0 > ::1:0:86dd: HBH [trunc] ip-proto-128 \
8184
It should also skb_push ipv6hdr so that ipv6h points to the right position
to set ipv6 stuff up.
This patch is to skb_push hlen + sizeof(*ipv6h) and also fix some indents
in ip6gre_header.
Fixes: c12b395a4664 ("gre: Support GRE over IPv6")
Reported-by: Jianlin Shi <jishi@redhat.com>
Signed-off-by: Xin Long <lucien.xin@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv6/ip6_gre.c')
| -rw-r--r-- | net/ipv6/ip6_gre.c | 21 |
1 files changed, 11 insertions, 10 deletions
diff --git a/net/ipv6/ip6_gre.c b/net/ipv6/ip6_gre.c index b7a72d409334..20f66f4c9460 100644 --- a/net/ipv6/ip6_gre.c +++ b/net/ipv6/ip6_gre.c | |||
| @@ -940,24 +940,25 @@ done: | |||
| 940 | } | 940 | } |
| 941 | 941 | ||
| 942 | static int ip6gre_header(struct sk_buff *skb, struct net_device *dev, | 942 | static int ip6gre_header(struct sk_buff *skb, struct net_device *dev, |
| 943 | unsigned short type, | 943 | unsigned short type, const void *daddr, |
| 944 | const void *daddr, const void *saddr, unsigned int len) | 944 | const void *saddr, unsigned int len) |
| 945 | { | 945 | { |
| 946 | struct ip6_tnl *t = netdev_priv(dev); | 946 | struct ip6_tnl *t = netdev_priv(dev); |
| 947 | struct ipv6hdr *ipv6h = skb_push(skb, t->hlen); | 947 | struct ipv6hdr *ipv6h; |
| 948 | __be16 *p = (__be16 *)(ipv6h+1); | 948 | __be16 *p; |
| 949 | 949 | ||
| 950 | ip6_flow_hdr(ipv6h, 0, | 950 | ipv6h = skb_push(skb, t->hlen + sizeof(*ipv6h)); |
| 951 | ip6_make_flowlabel(dev_net(dev), skb, | 951 | ip6_flow_hdr(ipv6h, 0, ip6_make_flowlabel(dev_net(dev), skb, |
| 952 | t->fl.u.ip6.flowlabel, true, | 952 | t->fl.u.ip6.flowlabel, |
| 953 | &t->fl.u.ip6)); | 953 | true, &t->fl.u.ip6)); |
| 954 | ipv6h->hop_limit = t->parms.hop_limit; | 954 | ipv6h->hop_limit = t->parms.hop_limit; |
| 955 | ipv6h->nexthdr = NEXTHDR_GRE; | 955 | ipv6h->nexthdr = NEXTHDR_GRE; |
| 956 | ipv6h->saddr = t->parms.laddr; | 956 | ipv6h->saddr = t->parms.laddr; |
| 957 | ipv6h->daddr = t->parms.raddr; | 957 | ipv6h->daddr = t->parms.raddr; |
| 958 | 958 | ||
| 959 | p[0] = t->parms.o_flags; | 959 | p = (__be16 *)(ipv6h + 1); |
| 960 | p[1] = htons(type); | 960 | p[0] = t->parms.o_flags; |
| 961 | p[1] = htons(type); | ||
| 961 | 962 | ||
| 962 | /* | 963 | /* |
| 963 | * Set the source hardware address. | 964 | * Set the source hardware address. |