ipv6: Select fragment id during UFO segmentation if not set.

If the IPv6 fragment id has not been set and we perform fragmentation due to UFO, select a new fragment id. We now consider a fragment id of 0 as unset and if id selection process returns 0 (after all the pertrubations), we set it to 0x80000000, thus giving us ample space not to create collisions with the next packet we may have to fragment. When doing UFO integrity checking, we also select the fragment id if it has not be set yet. This is stored into the skb_shinfo() thus allowing UFO to function correclty. This patch also removes duplicate fragment id generation code and moves ipv6_select_ident() into the header as it may be used during GSO. Signed-off-by: Vladislav Yasevich <vyasevic@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
author: Vlad Yasevich <vyasevich@gmail.com> 2015-02-03 16:36:15 -0500
committer: David S. Miller <davem@davemloft.net> 2015-02-04 02:06:43 -0500
commit: 0508c07f5e0c94f38afd5434e8b2a55b84553077 (patch)
tree: 268267ccdf554b7872644c5d5b52d4fccb2757ed
parent: 42b5212fee4f57907e9415b18fe19c13e65574bc (diff)
4 files changed, 47 insertions, 21 deletions
diff --git a/include/net/ipv6.h b/include/net/ipv6.h
index 4292929392b0..9bf85d34c024 100644
--- a/include/net/ipv6.h
+++ b/include/net/ipv6.h
@@ -671,6 +671,9 @@ static inline int ipv6_addr_diff(const struct in6_addr *a1, const struct in6_add
        return __ipv6_addr_diff(a1, a2, sizeof(struct in6_addr));
 }
+u32 __ipv6_select_ident(u32 hashrnd, struct in6_addr *dst,
+                        struct in6_addr *src);
+void ipv6_select_ident(struct frag_hdr *fhdr, struct rt6_info *rt);
 void ipv6_proxy_select_ident(struct sk_buff *skb);
 int ip6_dst_hoplimit(struct dst_entry *dst);
diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c
index ce69a12ae48c..d28f2a2efb32 100644
--- a/net/ipv6/ip6_output.c
+++ b/net/ipv6/ip6_output.c
@@ -537,20 +537,6 @@ static void ip6_copy_metadata(struct sk_buff *to, struct sk_buff *from)
        skb_copy_secmark(to, from);
 }
-static void ipv6_select_ident(struct frag_hdr *fhdr, struct rt6_info *rt)
-{
-        static u32 ip6_idents_hashrnd __read_mostly;
-        u32 hash, id;
-        net_get_random_once(&ip6_idents_hashrnd, sizeof(ip6_idents_hashrnd));
-        hash = __ipv6_addr_jhash(&rt->rt6i_dst.addr, ip6_idents_hashrnd);
-        hash = __ipv6_addr_jhash(&rt->rt6i_src.addr, hash);
-        id = ip_idents_reserve(hash, 1);
-        fhdr->identification = htonl(id);
-}
 int ip6_fragment(struct sk_buff *skb, int (*output)(struct sk_buff *))
 {
        struct sk_buff *frag;
diff --git a/net/ipv6/output_core.c b/net/ipv6/output_core.c
index 97f41a3e68d9..54520a0bd5e3 100644
--- a/net/ipv6/output_core.c
+++ b/net/ipv6/output_core.c
@@ -9,6 +9,24 @@
 #include <net/addrconf.h>
 #include <net/secure_seq.h>
+u32 __ipv6_select_ident(u32 hashrnd, struct in6_addr *dst, struct in6_addr *src)
+{
+        u32 hash, id;
+        hash = __ipv6_addr_jhash(dst, hashrnd);
+        hash = __ipv6_addr_jhash(src, hash);
+        /* Treat id of 0 as unset and if we get 0 back from ip_idents_reserve,
+         * set the hight order instead thus minimizing possible future
+         * collisions.
+         */
+        id = ip_idents_reserve(hash, 1);
+        if (unlikely(!id))
+                id = 1 << 31;
+        return id;
+}
 /* This function exists only for tap drivers that must support broken
 * clients requesting UFO without specifying an IPv6 fragment ID.
 *
@@ -22,7 +40,7 @@ void ipv6_proxy_select_ident(struct sk_buff *skb)
        static u32 ip6_proxy_idents_hashrnd __read_mostly;
        struct in6_addr buf[2];
        struct in6_addr *addrs;
-        u32 hash, id;
+        u32 id;
        addrs = skb_header_pointer(skb,
                                   skb_network_offset(skb) +
@@ -34,14 +52,25 @@ void ipv6_proxy_select_ident(struct sk_buff *skb)
        net_get_random_once(&ip6_proxy_idents_hashrnd,
                            sizeof(ip6_proxy_idents_hashrnd));
-        hash = __ipv6_addr_jhash(&addrs[1], ip6_proxy_idents_hashrnd);
+        id = __ipv6_select_ident(ip6_proxy_idents_hashrnd,
-        hash = __ipv6_addr_jhash(&addrs[0], hash);
+                                 &addrs[1], &addrs[0]);
+        skb_shinfo(skb)->ip6_frag_id = id;
-        id = ip_idents_reserve(hash, 1);
-        skb_shinfo(skb)->ip6_frag_id = htonl(id);
 }
 EXPORT_SYMBOL_GPL(ipv6_proxy_select_ident);
+void ipv6_select_ident(struct frag_hdr *fhdr, struct rt6_info *rt)
+{
+        static u32 ip6_idents_hashrnd __read_mostly;
+        u32 id;
+        net_get_random_once(&ip6_idents_hashrnd, sizeof(ip6_idents_hashrnd));
+        id = __ipv6_select_ident(ip6_idents_hashrnd, &rt->rt6i_dst.addr,
+                                 &rt->rt6i_src.addr);
+        fhdr->identification = htonl(id);
+}
+EXPORT_SYMBOL(ipv6_select_ident);
 int ip6_find_1stfragopt(struct sk_buff *skb, u8 **nexthdr)
 {
        u16 offset = sizeof(struct ipv6hdr);
diff --git a/net/ipv6/udp_offload.c b/net/ipv6/udp_offload.c
index b6aa8ed18257..a56276996b72 100644
--- a/net/ipv6/udp_offload.c
+++ b/net/ipv6/udp_offload.c
@@ -52,6 +52,10 @@ static struct sk_buff *udp6_ufo_fragment(struct sk_buff *skb,
                skb_shinfo(skb)->gso_segs = DIV_ROUND_UP(skb->len, mss);
+                /* Set the IPv6 fragment id if not set yet */
+                if (!skb_shinfo(skb)->ip6_frag_id)
+                        ipv6_proxy_select_ident(skb);
                segs = NULL;
                goto out;
        }
@@ -108,7 +112,11 @@ static struct sk_buff *udp6_ufo_fragment(struct sk_buff *skb,
                fptr = (struct frag_hdr *)(skb_network_header(skb) + unfrag_ip6hlen);
                fptr->nexthdr = nexthdr;
                fptr->reserved = 0;
-                fptr->identification = skb_shinfo(skb)->ip6_frag_id;
+                if (skb_shinfo(skb)->ip6_frag_id)
+                        fptr->identification = skb_shinfo(skb)->ip6_frag_id;
+                else
+                        ipv6_select_ident(fptr,
+                                          (struct rt6_info *)skb_dst(skb));
                /* Fragment the skb. ipv6 header and the remaining fields of the
                 * fragment header are updated in ipv6_gso_segment()
author	Vlad Yasevich <vyasevich@gmail.com>	2015-02-03 16:36:15 -0500
committer	David S. Miller <davem@davemloft.net>	2015-02-04 02:06:43 -0500
commit	0508c07f5e0c94f38afd5434e8b2a55b84553077 (patch)
tree	268267ccdf554b7872644c5d5b52d4fccb2757ed
parent	42b5212fee4f57907e9415b18fe19c13e65574bc (diff)

diff --git a/include/net/ipv6.h b/include/net/ipv6.h index 4292929392b0..9bf85d34c024 100644 --- a/include/net/ipv6.h +++ b/include/net/ipv6.h
@@ -671,6 +671,9 @@ static inline int ipv6_addr_diff(const struct in6_addr *a1, const struct in6_add
671	return __ipv6_addr_diff(a1, a2, sizeof(struct in6_addr));	671	return __ipv6_addr_diff(a1, a2, sizeof(struct in6_addr));
672	}	672	}
673		673
		674	u32 __ipv6_select_ident(u32 hashrnd, struct in6_addr *dst,
		675	struct in6_addr *src);
		676	void ipv6_select_ident(struct frag_hdr fhdr, struct rt6_info rt);
674	void ipv6_proxy_select_ident(struct sk_buff *skb);	677	void ipv6_proxy_select_ident(struct sk_buff *skb);
675		678
676	int ip6_dst_hoplimit(struct dst_entry *dst);	679	int ip6_dst_hoplimit(struct dst_entry *dst);


diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c index ce69a12ae48c..d28f2a2efb32 100644 --- a/net/ipv6/ip6_output.c +++ b/net/ipv6/ip6_output.c
@@ -537,20 +537,6 @@ static void ip6_copy_metadata(struct sk_buff to, struct sk_buff from)
537	skb_copy_secmark(to, from);	537	skb_copy_secmark(to, from);
538	}	538	}
539		539
540	static void ipv6_select_ident(struct frag_hdr fhdr, struct rt6_info rt)
541	{
542	static u32 ip6_idents_hashrnd __read_mostly;
543	u32 hash, id;
544
545	net_get_random_once(&ip6_idents_hashrnd, sizeof(ip6_idents_hashrnd));
546
547	hash = __ipv6_addr_jhash(&rt->rt6i_dst.addr, ip6_idents_hashrnd);
548	hash = __ipv6_addr_jhash(&rt->rt6i_src.addr, hash);
549
550	id = ip_idents_reserve(hash, 1);
551	fhdr->identification = htonl(id);
552	}
553
554	int ip6_fragment(struct sk_buff skb, int (output)(struct sk_buff *))	540	int ip6_fragment(struct sk_buff skb, int (output)(struct sk_buff *))
555	{	541	{
556	struct sk_buff *frag;	542	struct sk_buff *frag;


diff --git a/net/ipv6/output_core.c b/net/ipv6/output_core.c index 97f41a3e68d9..54520a0bd5e3 100644 --- a/net/ipv6/output_core.c +++ b/net/ipv6/output_core.c
@@ -9,6 +9,24 @@
9	#include <net/addrconf.h>	9	#include <net/addrconf.h>
10	#include <net/secure_seq.h>	10	#include <net/secure_seq.h>
11		11
		12	u32 __ipv6_select_ident(u32 hashrnd, struct in6_addr dst, struct in6_addr src)
		13	{
		14	u32 hash, id;
		15
		16	hash = __ipv6_addr_jhash(dst, hashrnd);
		17	hash = __ipv6_addr_jhash(src, hash);
		18
		19	/* Treat id of 0 as unset and if we get 0 back from ip_idents_reserve,
		20	* set the hight order instead thus minimizing possible future
		21	* collisions.
		22	*/
		23	id = ip_idents_reserve(hash, 1);
		24	if (unlikely(!id))
		25	id = 1 << 31;
		26
		27	return id;
		28	}
		29
12	/* This function exists only for tap drivers that must support broken	30	/* This function exists only for tap drivers that must support broken
13	* clients requesting UFO without specifying an IPv6 fragment ID.	31	* clients requesting UFO without specifying an IPv6 fragment ID.
14	*	32	*
@@ -22,7 +40,7 @@ void ipv6_proxy_select_ident(struct sk_buff *skb)
22	static u32 ip6_proxy_idents_hashrnd __read_mostly;	40	static u32 ip6_proxy_idents_hashrnd __read_mostly;
23	struct in6_addr buf[2];	41	struct in6_addr buf[2];
24	struct in6_addr *addrs;	42	struct in6_addr *addrs;
25	u32 hash, id;	43	u32 id;
26		44
27	addrs = skb_header_pointer(skb,	45	addrs = skb_header_pointer(skb,
28	skb_network_offset(skb) +	46	skb_network_offset(skb) +
@@ -34,14 +52,25 @@ void ipv6_proxy_select_ident(struct sk_buff *skb)
34	net_get_random_once(&ip6_proxy_idents_hashrnd,	52	net_get_random_once(&ip6_proxy_idents_hashrnd,
35	sizeof(ip6_proxy_idents_hashrnd));	53	sizeof(ip6_proxy_idents_hashrnd));
36		54
37	hash = __ipv6_addr_jhash(&addrs[1], ip6_proxy_idents_hashrnd);	55	id = __ipv6_select_ident(ip6_proxy_idents_hashrnd,
38	hash = __ipv6_addr_jhash(&addrs[0], hash);	56	&addrs[1], &addrs[0]);
39		57	skb_shinfo(skb)->ip6_frag_id = id;
40	id = ip_idents_reserve(hash, 1);
41	skb_shinfo(skb)->ip6_frag_id = htonl(id);
42	}	58	}
43	EXPORT_SYMBOL_GPL(ipv6_proxy_select_ident);	59	EXPORT_SYMBOL_GPL(ipv6_proxy_select_ident);
44		60
		61	void ipv6_select_ident(struct frag_hdr fhdr, struct rt6_info rt)
		62	{
		63	static u32 ip6_idents_hashrnd __read_mostly;
		64	u32 id;
		65
		66	net_get_random_once(&ip6_idents_hashrnd, sizeof(ip6_idents_hashrnd));
		67
		68	id = __ipv6_select_ident(ip6_idents_hashrnd, &rt->rt6i_dst.addr,
		69	&rt->rt6i_src.addr);
		70	fhdr->identification = htonl(id);
		71	}
		72	EXPORT_SYMBOL(ipv6_select_ident);
		73
45	int ip6_find_1stfragopt(struct sk_buff skb, u8 *nexthdr)	74	int ip6_find_1stfragopt(struct sk_buff skb, u8 *nexthdr)
46	{	75	{
47	u16 offset = sizeof(struct ipv6hdr);	76	u16 offset = sizeof(struct ipv6hdr);


diff --git a/net/ipv6/udp_offload.c b/net/ipv6/udp_offload.c index b6aa8ed18257..a56276996b72 100644 --- a/net/ipv6/udp_offload.c +++ b/net/ipv6/udp_offload.c
@@ -52,6 +52,10 @@ static struct sk_buff udp6_ufo_fragment(struct sk_buff skb,
52		52
53	skb_shinfo(skb)->gso_segs = DIV_ROUND_UP(skb->len, mss);	53	skb_shinfo(skb)->gso_segs = DIV_ROUND_UP(skb->len, mss);
54		54
		55	/* Set the IPv6 fragment id if not set yet */
		56	if (!skb_shinfo(skb)->ip6_frag_id)
		57	ipv6_proxy_select_ident(skb);
		58
55	segs = NULL;	59	segs = NULL;
56	goto out;	60	goto out;
57	}	61	}
@@ -108,7 +112,11 @@ static struct sk_buff udp6_ufo_fragment(struct sk_buff skb,
108	fptr = (struct frag_hdr *)(skb_network_header(skb) + unfrag_ip6hlen);	112	fptr = (struct frag_hdr *)(skb_network_header(skb) + unfrag_ip6hlen);
109	fptr->nexthdr = nexthdr;	113	fptr->nexthdr = nexthdr;
110	fptr->reserved = 0;	114	fptr->reserved = 0;
111	fptr->identification = skb_shinfo(skb)->ip6_frag_id;	115	if (skb_shinfo(skb)->ip6_frag_id)
		116	fptr->identification = skb_shinfo(skb)->ip6_frag_id;
		117	else
		118	ipv6_select_ident(fptr,
		119	(struct rt6_info *)skb_dst(skb));
112		120
113	/* Fragment the skb. ipv6 header and the remaining fields of the	121	/* Fragment the skb. ipv6 header and the remaining fields of the
114	* fragment header are updated in ipv6_gso_segment()	122	* fragment header are updated in ipv6_gso_segment()