diff options
| author | Jason Wang <jasowang@redhat.com> | 2013-03-26 19:11:22 -0400 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2013-03-27 12:48:31 -0400 |
| commit | 40893fd0fd4e0eda8c6a53db6a8e6013b2d44c16 (patch) | |
| tree | f61f8374d9a77385ef06012256b68633edb27e2c | |
| parent | 5203cd28db6dc05c3618a602cf4cf81203d00257 (diff) | |
net: switch to use skb_probe_transport_header()
Switch to use the new help skb_probe_transport_header() to do the l4 header
probing for untrusted sources. For packets with partial csum, the header should
already been set by skb_partial_csum_set().
Cc: Eric Dumazet <edumazet@google.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Acked-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
| -rw-r--r-- | drivers/net/macvtap.c | 9 | ||||
| -rw-r--r-- | drivers/net/tun.c | 10 | ||||
| -rw-r--r-- | drivers/net/xen-netback/netback.c | 10 | ||||
| -rw-r--r-- | net/packet/af_packet.c | 22 |
4 files changed, 6 insertions, 45 deletions
diff --git a/drivers/net/macvtap.c b/drivers/net/macvtap.c index acf6450ceff5..59e9605de316 100644 --- a/drivers/net/macvtap.c +++ b/drivers/net/macvtap.c | |||
| @@ -21,7 +21,6 @@ | |||
| 21 | #include <net/rtnetlink.h> | 21 | #include <net/rtnetlink.h> |
| 22 | #include <net/sock.h> | 22 | #include <net/sock.h> |
| 23 | #include <linux/virtio_net.h> | 23 | #include <linux/virtio_net.h> |
| 24 | #include <net/flow_keys.h> | ||
| 25 | 24 | ||
| 26 | /* | 25 | /* |
| 27 | * A macvtap queue is the central object of this driver, it connects | 26 | * A macvtap queue is the central object of this driver, it connects |
| @@ -646,7 +645,6 @@ static ssize_t macvtap_get_user(struct macvtap_queue *q, struct msghdr *m, | |||
| 646 | int vnet_hdr_len = 0; | 645 | int vnet_hdr_len = 0; |
| 647 | int copylen = 0; | 646 | int copylen = 0; |
| 648 | bool zerocopy = false; | 647 | bool zerocopy = false; |
| 649 | struct flow_keys keys; | ||
| 650 | 648 | ||
| 651 | if (q->flags & IFF_VNET_HDR) { | 649 | if (q->flags & IFF_VNET_HDR) { |
| 652 | vnet_hdr_len = q->vnet_hdr_sz; | 650 | vnet_hdr_len = q->vnet_hdr_sz; |
| @@ -727,12 +725,7 @@ static ssize_t macvtap_get_user(struct macvtap_queue *q, struct msghdr *m, | |||
| 727 | goto err_kfree; | 725 | goto err_kfree; |
| 728 | } | 726 | } |
| 729 | 727 | ||
| 730 | if (skb->ip_summed == CHECKSUM_PARTIAL) | 728 | skb_probe_transport_header(skb, ETH_HLEN); |
| 731 | skb_set_transport_header(skb, skb_checksum_start_offset(skb)); | ||
| 732 | else if (skb_flow_dissect(skb, &keys)) | ||
| 733 | skb_set_transport_header(skb, keys.thoff); | ||
| 734 | else | ||
| 735 | skb_set_transport_header(skb, ETH_HLEN); | ||
| 736 | 729 | ||
| 737 | rcu_read_lock_bh(); | 730 | rcu_read_lock_bh(); |
| 738 | vlan = rcu_dereference_bh(q->vlan); | 731 | vlan = rcu_dereference_bh(q->vlan); |
diff --git a/drivers/net/tun.c b/drivers/net/tun.c index 48cd73a2dc55..29538e6e914d 100644 --- a/drivers/net/tun.c +++ b/drivers/net/tun.c | |||
| @@ -70,7 +70,6 @@ | |||
| 70 | #include <net/sock.h> | 70 | #include <net/sock.h> |
| 71 | 71 | ||
| 72 | #include <asm/uaccess.h> | 72 | #include <asm/uaccess.h> |
| 73 | #include <net/flow_keys.h> | ||
| 74 | 73 | ||
| 75 | /* Uncomment to enable debugging */ | 74 | /* Uncomment to enable debugging */ |
| 76 | /* #define TUN_DEBUG 1 */ | 75 | /* #define TUN_DEBUG 1 */ |
| @@ -1050,7 +1049,6 @@ static ssize_t tun_get_user(struct tun_struct *tun, struct tun_file *tfile, | |||
| 1050 | bool zerocopy = false; | 1049 | bool zerocopy = false; |
| 1051 | int err; | 1050 | int err; |
| 1052 | u32 rxhash; | 1051 | u32 rxhash; |
| 1053 | struct flow_keys keys; | ||
| 1054 | 1052 | ||
| 1055 | if (!(tun->flags & TUN_NO_PI)) { | 1053 | if (!(tun->flags & TUN_NO_PI)) { |
| 1056 | if ((len -= sizeof(pi)) > total_len) | 1054 | if ((len -= sizeof(pi)) > total_len) |
| @@ -1205,13 +1203,7 @@ static ssize_t tun_get_user(struct tun_struct *tun, struct tun_file *tfile, | |||
| 1205 | } | 1203 | } |
| 1206 | 1204 | ||
| 1207 | skb_reset_network_header(skb); | 1205 | skb_reset_network_header(skb); |
| 1208 | 1206 | skb_probe_transport_header(skb, 0); | |
| 1209 | if (skb->ip_summed == CHECKSUM_PARTIAL) | ||
| 1210 | skb_set_transport_header(skb, skb_checksum_start_offset(skb)); | ||
| 1211 | else if (skb_flow_dissect(skb, &keys)) | ||
| 1212 | skb_set_transport_header(skb, keys.thoff); | ||
| 1213 | else | ||
| 1214 | skb_reset_transport_header(skb); | ||
| 1215 | 1207 | ||
| 1216 | rxhash = skb_get_rxhash(skb); | 1208 | rxhash = skb_get_rxhash(skb); |
| 1217 | netif_rx_ni(skb); | 1209 | netif_rx_ni(skb); |
diff --git a/drivers/net/xen-netback/netback.c b/drivers/net/xen-netback/netback.c index fc8faa74b250..83905a97c56c 100644 --- a/drivers/net/xen-netback/netback.c +++ b/drivers/net/xen-netback/netback.c | |||
| @@ -39,7 +39,6 @@ | |||
| 39 | #include <linux/udp.h> | 39 | #include <linux/udp.h> |
| 40 | 40 | ||
| 41 | #include <net/tcp.h> | 41 | #include <net/tcp.h> |
| 42 | #include <net/flow_keys.h> | ||
| 43 | 42 | ||
| 44 | #include <xen/xen.h> | 43 | #include <xen/xen.h> |
| 45 | #include <xen/events.h> | 44 | #include <xen/events.h> |
| @@ -1506,14 +1505,7 @@ static void xen_netbk_tx_submit(struct xen_netbk *netbk) | |||
| 1506 | continue; | 1505 | continue; |
| 1507 | } | 1506 | } |
| 1508 | 1507 | ||
| 1509 | if (!skb_transport_header_was_set(skb)) { | 1508 | skb_probe_transport_header(skb, 0); |
| 1510 | struct flow_keys keys; | ||
| 1511 | |||
| 1512 | if (skb_flow_dissect(skb, &keys)) | ||
| 1513 | skb_set_transport_header(skb, keys.thoff); | ||
| 1514 | else | ||
| 1515 | skb_reset_transport_header(skb); | ||
| 1516 | } | ||
| 1517 | 1509 | ||
| 1518 | vif->dev->stats.rx_bytes += skb->len; | 1510 | vif->dev->stats.rx_bytes += skb->len; |
| 1519 | vif->dev->stats.rx_packets++; | 1511 | vif->dev->stats.rx_packets++; |
diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c index 83fdd0a87eb6..8e4644ff8d34 100644 --- a/net/packet/af_packet.c +++ b/net/packet/af_packet.c | |||
| @@ -88,7 +88,6 @@ | |||
| 88 | #include <linux/virtio_net.h> | 88 | #include <linux/virtio_net.h> |
| 89 | #include <linux/errqueue.h> | 89 | #include <linux/errqueue.h> |
| 90 | #include <linux/net_tstamp.h> | 90 | #include <linux/net_tstamp.h> |
| 91 | #include <net/flow_keys.h> | ||
| 92 | 91 | ||
| 93 | #ifdef CONFIG_INET | 92 | #ifdef CONFIG_INET |
| 94 | #include <net/inet_common.h> | 93 | #include <net/inet_common.h> |
| @@ -1413,7 +1412,6 @@ static int packet_sendmsg_spkt(struct kiocb *iocb, struct socket *sock, | |||
| 1413 | __be16 proto = 0; | 1412 | __be16 proto = 0; |
| 1414 | int err; | 1413 | int err; |
| 1415 | int extra_len = 0; | 1414 | int extra_len = 0; |
| 1416 | struct flow_keys keys; | ||
| 1417 | 1415 | ||
| 1418 | /* | 1416 | /* |
| 1419 | * Get and verify the address. | 1417 | * Get and verify the address. |
| @@ -1514,10 +1512,7 @@ retry: | |||
| 1514 | if (unlikely(extra_len == 4)) | 1512 | if (unlikely(extra_len == 4)) |
| 1515 | skb->no_fcs = 1; | 1513 | skb->no_fcs = 1; |
| 1516 | 1514 | ||
| 1517 | if (skb_flow_dissect(skb, &keys)) | 1515 | skb_probe_transport_header(skb, 0); |
| 1518 | skb_set_transport_header(skb, keys.thoff); | ||
| 1519 | else | ||
| 1520 | skb_reset_transport_header(skb); | ||
| 1521 | 1516 | ||
| 1522 | dev_queue_xmit(skb); | 1517 | dev_queue_xmit(skb); |
| 1523 | rcu_read_unlock(); | 1518 | rcu_read_unlock(); |
| @@ -1925,7 +1920,6 @@ static int tpacket_fill_skb(struct packet_sock *po, struct sk_buff *skb, | |||
| 1925 | struct page *page; | 1920 | struct page *page; |
| 1926 | void *data; | 1921 | void *data; |
| 1927 | int err; | 1922 | int err; |
| 1928 | struct flow_keys keys; | ||
| 1929 | 1923 | ||
| 1930 | ph.raw = frame; | 1924 | ph.raw = frame; |
| 1931 | 1925 | ||
| @@ -1950,11 +1944,7 @@ static int tpacket_fill_skb(struct packet_sock *po, struct sk_buff *skb, | |||
| 1950 | 1944 | ||
| 1951 | skb_reserve(skb, hlen); | 1945 | skb_reserve(skb, hlen); |
| 1952 | skb_reset_network_header(skb); | 1946 | skb_reset_network_header(skb); |
| 1953 | 1947 | skb_probe_transport_header(skb, 0); | |
| 1954 | if (skb_flow_dissect(skb, &keys)) | ||
| 1955 | skb_set_transport_header(skb, keys.thoff); | ||
| 1956 | else | ||
| 1957 | skb_reset_transport_header(skb); | ||
| 1958 | 1948 | ||
| 1959 | if (po->tp_tx_has_off) { | 1949 | if (po->tp_tx_has_off) { |
| 1960 | int off_min, off_max, off; | 1950 | int off_min, off_max, off; |
| @@ -2212,7 +2202,6 @@ static int packet_snd(struct socket *sock, | |||
| 2212 | unsigned short gso_type = 0; | 2202 | unsigned short gso_type = 0; |
| 2213 | int hlen, tlen; | 2203 | int hlen, tlen; |
| 2214 | int extra_len = 0; | 2204 | int extra_len = 0; |
| 2215 | struct flow_keys keys; | ||
| 2216 | 2205 | ||
| 2217 | /* | 2206 | /* |
| 2218 | * Get and verify the address. | 2207 | * Get and verify the address. |
| @@ -2365,12 +2354,7 @@ static int packet_snd(struct socket *sock, | |||
| 2365 | len += vnet_hdr_len; | 2354 | len += vnet_hdr_len; |
| 2366 | } | 2355 | } |
| 2367 | 2356 | ||
| 2368 | if (skb->ip_summed == CHECKSUM_PARTIAL) | 2357 | skb_probe_transport_header(skb, reserve); |
| 2369 | skb_set_transport_header(skb, skb_checksum_start_offset(skb)); | ||
| 2370 | else if (skb_flow_dissect(skb, &keys)) | ||
| 2371 | skb_set_transport_header(skb, keys.thoff); | ||
| 2372 | else | ||
| 2373 | skb_set_transport_header(skb, reserve); | ||
| 2374 | 2358 | ||
| 2375 | if (unlikely(extra_len == 4)) | 2359 | if (unlikely(extra_len == 4)) |
| 2376 | skb->no_fcs = 1; | 2360 | skb->no_fcs = 1; |