aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorEric Dumazet <eric.dumazet@gmail.com>2011-12-21 23:15:53 -0500
committerDavid S. Miller <davem@davemloft.net>2011-12-22 22:34:56 -0500
commite688a604807647c9450f9c12a7cb6d027150a895 (patch)
tree6b3df826b4a42affdfc9d58d74f5e17c063cc7d6
parent7838f2ce36b6ab5c13ef20b1857e3bbd567f1759 (diff)
net: introduce DST_NOPEER dst flag
Chris Boot reported crashes occurring in ipv6_select_ident(). [ 461.457562] RIP: 0010:[<ffffffff812dde61>] [<ffffffff812dde61>] ipv6_select_ident+0x31/0xa7 [ 461.578229] Call Trace: [ 461.580742] <IRQ> [ 461.582870] [<ffffffff812efa7f>] ? udp6_ufo_fragment+0x124/0x1a2 [ 461.589054] [<ffffffff812dbfe0>] ? ipv6_gso_segment+0xc0/0x155 [ 461.595140] [<ffffffff812700c6>] ? skb_gso_segment+0x208/0x28b [ 461.601198] [<ffffffffa03f236b>] ? ipv6_confirm+0x146/0x15e [nf_conntrack_ipv6] [ 461.608786] [<ffffffff81291c4d>] ? nf_iterate+0x41/0x77 [ 461.614227] [<ffffffff81271d64>] ? dev_hard_start_xmit+0x357/0x543 [ 461.620659] [<ffffffff81291cf6>] ? nf_hook_slow+0x73/0x111 [ 461.626440] [<ffffffffa0379745>] ? br_parse_ip_options+0x19a/0x19a [bridge] [ 461.633581] [<ffffffff812722ff>] ? dev_queue_xmit+0x3af/0x459 [ 461.639577] [<ffffffffa03747d2>] ? br_dev_queue_push_xmit+0x72/0x76 [bridge] [ 461.646887] [<ffffffffa03791e3>] ? br_nf_post_routing+0x17d/0x18f [bridge] [ 461.653997] [<ffffffff81291c4d>] ? nf_iterate+0x41/0x77 [ 461.659473] [<ffffffffa0374760>] ? br_flood+0xfa/0xfa [bridge] [ 461.665485] [<ffffffff81291cf6>] ? nf_hook_slow+0x73/0x111 [ 461.671234] [<ffffffffa0374760>] ? br_flood+0xfa/0xfa [bridge] [ 461.677299] [<ffffffffa0379215>] ? nf_bridge_update_protocol+0x20/0x20 [bridge] [ 461.684891] [<ffffffffa03bb0e5>] ? nf_ct_zone+0xa/0x17 [nf_conntrack] [ 461.691520] [<ffffffffa0374760>] ? br_flood+0xfa/0xfa [bridge] [ 461.697572] [<ffffffffa0374812>] ? NF_HOOK.constprop.8+0x3c/0x56 [bridge] [ 461.704616] [<ffffffffa0379031>] ? nf_bridge_push_encap_header+0x1c/0x26 [bridge] [ 461.712329] [<ffffffffa037929f>] ? br_nf_forward_finish+0x8a/0x95 [bridge] [ 461.719490] [<ffffffffa037900a>] ? nf_bridge_pull_encap_header+0x1c/0x27 [bridge] [ 461.727223] [<ffffffffa0379974>] ? br_nf_forward_ip+0x1c0/0x1d4 [bridge] [ 461.734292] [<ffffffff81291c4d>] ? nf_iterate+0x41/0x77 [ 461.739758] [<ffffffffa03748cc>] ? __br_deliver+0xa0/0xa0 [bridge] [ 461.746203] [<ffffffff81291cf6>] ? nf_hook_slow+0x73/0x111 [ 461.751950] [<ffffffffa03748cc>] ? __br_deliver+0xa0/0xa0 [bridge] [ 461.758378] [<ffffffffa037533a>] ? NF_HOOK.constprop.4+0x56/0x56 [bridge] This is caused by bridge netfilter special dst_entry (fake_rtable), a special shared entry, where attaching an inetpeer makes no sense. Problem is present since commit 87c48fa3b46 (ipv6: make fragment identifications less predictable) Introduce DST_NOPEER dst flag and make sure ipv6_select_ident() and __ip_select_ident() fallback to the 'no peer attached' handling. Reported-by: Chris Boot <bootc@bootc.net> Tested-by: Chris Boot <bootc@bootc.net> Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r--include/net/dst.h1
-rw-r--r--net/bridge/br_netfilter.c2
-rw-r--r--net/ipv4/route.c4
-rw-r--r--net/ipv6/ip6_output.c2
4 files changed, 5 insertions, 4 deletions
diff --git a/include/net/dst.h b/include/net/dst.h
index 6faec1a6021..75766b42660 100644
--- a/include/net/dst.h
+++ b/include/net/dst.h
@@ -53,6 +53,7 @@ struct dst_entry {
53#define DST_NOHASH 0x0008 53#define DST_NOHASH 0x0008
54#define DST_NOCACHE 0x0010 54#define DST_NOCACHE 0x0010
55#define DST_NOCOUNT 0x0020 55#define DST_NOCOUNT 0x0020
56#define DST_NOPEER 0x0040
56 57
57 short error; 58 short error;
58 short obsolete; 59 short obsolete;
diff --git a/net/bridge/br_netfilter.c b/net/bridge/br_netfilter.c
index 08757dc670a..fa8b8f76358 100644
--- a/net/bridge/br_netfilter.c
+++ b/net/bridge/br_netfilter.c
@@ -147,7 +147,7 @@ void br_netfilter_rtable_init(struct net_bridge *br)
147 rt->dst.dev = br->dev; 147 rt->dst.dev = br->dev;
148 rt->dst.path = &rt->dst; 148 rt->dst.path = &rt->dst;
149 dst_init_metrics(&rt->dst, br_dst_default_metrics, true); 149 dst_init_metrics(&rt->dst, br_dst_default_metrics, true);
150 rt->dst.flags = DST_NOXFRM; 150 rt->dst.flags = DST_NOXFRM | DST_NOPEER;
151 rt->dst.ops = &fake_dst_ops; 151 rt->dst.ops = &fake_dst_ops;
152} 152}
153 153
diff --git a/net/ipv4/route.c b/net/ipv4/route.c
index 85cc053d9d6..94cdbc55ca7 100644
--- a/net/ipv4/route.c
+++ b/net/ipv4/route.c
@@ -1367,7 +1367,7 @@ void __ip_select_ident(struct iphdr *iph, struct dst_entry *dst, int more)
1367{ 1367{
1368 struct rtable *rt = (struct rtable *) dst; 1368 struct rtable *rt = (struct rtable *) dst;
1369 1369
1370 if (rt) { 1370 if (rt && !(rt->dst.flags & DST_NOPEER)) {
1371 if (rt->peer == NULL) 1371 if (rt->peer == NULL)
1372 rt_bind_peer(rt, rt->rt_dst, 1); 1372 rt_bind_peer(rt, rt->rt_dst, 1);
1373 1373
@@ -1378,7 +1378,7 @@ void __ip_select_ident(struct iphdr *iph, struct dst_entry *dst, int more)
1378 iph->id = htons(inet_getid(rt->peer, more)); 1378 iph->id = htons(inet_getid(rt->peer, more));
1379 return; 1379 return;
1380 } 1380 }
1381 } else 1381 } else if (!rt)
1382 printk(KERN_DEBUG "rt_bind_peer(0) @%p\n", 1382 printk(KERN_DEBUG "rt_bind_peer(0) @%p\n",
1383 __builtin_return_address(0)); 1383 __builtin_return_address(0));
1384 1384
diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c
index 84d0bd5cac9..ec562713db9 100644
--- a/net/ipv6/ip6_output.c
+++ b/net/ipv6/ip6_output.c
@@ -603,7 +603,7 @@ void ipv6_select_ident(struct frag_hdr *fhdr, struct rt6_info *rt)
603 static atomic_t ipv6_fragmentation_id; 603 static atomic_t ipv6_fragmentation_id;
604 int old, new; 604 int old, new;
605 605
606 if (rt) { 606 if (rt && !(rt->dst.flags & DST_NOPEER)) {
607 struct inet_peer *peer; 607 struct inet_peer *peer;
608 608
609 if (!rt->rt6i_peer) 609 if (!rt->rt6i_peer)