aboutsummaryrefslogtreecommitdiffstats
path: root/net
diff options
context:
space:
mode:
authorSteffen Klassert <steffen.klassert@secunet.com>2011-05-09 15:36:38 -0400
committerDavid S. Miller <davem@davemloft.net>2011-05-10 18:03:34 -0400
commit43a4dea4c9d44baae38ddc14b9b6d86fde4c8b88 (patch)
treeaf7ecb23077cf5b4ae1290f7d1ab5e901e7adb82 /net
parente14a599335427f81bbb0008963e59aa9c6449dce (diff)
xfrm: Assign the inner mode output function to the dst entry
As it is, we assign the outer modes output function to the dst entry when we create the xfrm bundle. This leads to two problems on interfamily scenarios. We might insert ipv4 packets into ip6_fragment when called from xfrm6_output. The system crashes if we try to fragment an ipv4 packet with ip6_fragment. This issue was introduced with git commit ad0081e4 (ipv6: Fragment locally generated tunnel-mode IPSec6 packets as needed). The second issue is, that we might insert ipv4 packets in netfilter6 and vice versa on interfamily scenarios. With this patch we assign the inner mode output function to the dst entry when we create the xfrm bundle. So xfrm4_output/xfrm6_output from the inner mode is used and the right fragmentation and netfilter functions are called. We switch then to outer mode with the output_finish functions. Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net')
-rw-r--r--net/ipv4/xfrm4_output.c8
-rw-r--r--net/ipv4/xfrm4_state.c1
-rw-r--r--net/ipv6/xfrm6_output.c6
-rw-r--r--net/ipv6/xfrm6_state.c1
-rw-r--r--net/xfrm/xfrm_policy.c14
5 files changed, 24 insertions, 6 deletions
diff --git a/net/ipv4/xfrm4_output.c b/net/ipv4/xfrm4_output.c
index 571aa96a175c..2d51840e53a1 100644
--- a/net/ipv4/xfrm4_output.c
+++ b/net/ipv4/xfrm4_output.c
@@ -69,7 +69,7 @@ int xfrm4_prepare_output(struct xfrm_state *x, struct sk_buff *skb)
69} 69}
70EXPORT_SYMBOL(xfrm4_prepare_output); 70EXPORT_SYMBOL(xfrm4_prepare_output);
71 71
72static int xfrm4_output_finish(struct sk_buff *skb) 72int xfrm4_output_finish(struct sk_buff *skb)
73{ 73{
74#ifdef CONFIG_NETFILTER 74#ifdef CONFIG_NETFILTER
75 if (!skb_dst(skb)->xfrm) { 75 if (!skb_dst(skb)->xfrm) {
@@ -86,7 +86,11 @@ static int xfrm4_output_finish(struct sk_buff *skb)
86 86
87int xfrm4_output(struct sk_buff *skb) 87int xfrm4_output(struct sk_buff *skb)
88{ 88{
89 struct dst_entry *dst = skb_dst(skb);
90 struct xfrm_state *x = dst->xfrm;
91
89 return NF_HOOK_COND(NFPROTO_IPV4, NF_INET_POST_ROUTING, skb, 92 return NF_HOOK_COND(NFPROTO_IPV4, NF_INET_POST_ROUTING, skb,
90 NULL, skb_dst(skb)->dev, xfrm4_output_finish, 93 NULL, dst->dev,
94 x->outer_mode->afinfo->output_finish,
91 !(IPCB(skb)->flags & IPSKB_REROUTED)); 95 !(IPCB(skb)->flags & IPSKB_REROUTED));
92} 96}
diff --git a/net/ipv4/xfrm4_state.c b/net/ipv4/xfrm4_state.c
index 1717c64628d1..805d63ef4340 100644
--- a/net/ipv4/xfrm4_state.c
+++ b/net/ipv4/xfrm4_state.c
@@ -78,6 +78,7 @@ static struct xfrm_state_afinfo xfrm4_state_afinfo = {
78 .init_tempsel = __xfrm4_init_tempsel, 78 .init_tempsel = __xfrm4_init_tempsel,
79 .init_temprop = xfrm4_init_temprop, 79 .init_temprop = xfrm4_init_temprop,
80 .output = xfrm4_output, 80 .output = xfrm4_output,
81 .output_finish = xfrm4_output_finish,
81 .extract_input = xfrm4_extract_input, 82 .extract_input = xfrm4_extract_input,
82 .extract_output = xfrm4_extract_output, 83 .extract_output = xfrm4_extract_output,
83 .transport_finish = xfrm4_transport_finish, 84 .transport_finish = xfrm4_transport_finish,
diff --git a/net/ipv6/xfrm6_output.c b/net/ipv6/xfrm6_output.c
index 8e688b3de9ab..49a91c5f5623 100644
--- a/net/ipv6/xfrm6_output.c
+++ b/net/ipv6/xfrm6_output.c
@@ -79,7 +79,7 @@ int xfrm6_prepare_output(struct xfrm_state *x, struct sk_buff *skb)
79} 79}
80EXPORT_SYMBOL(xfrm6_prepare_output); 80EXPORT_SYMBOL(xfrm6_prepare_output);
81 81
82static int xfrm6_output_finish(struct sk_buff *skb) 82int xfrm6_output_finish(struct sk_buff *skb)
83{ 83{
84#ifdef CONFIG_NETFILTER 84#ifdef CONFIG_NETFILTER
85 IP6CB(skb)->flags |= IP6SKB_XFRM_TRANSFORMED; 85 IP6CB(skb)->flags |= IP6SKB_XFRM_TRANSFORMED;
@@ -97,9 +97,9 @@ static int __xfrm6_output(struct sk_buff *skb)
97 if ((x && x->props.mode == XFRM_MODE_TUNNEL) && 97 if ((x && x->props.mode == XFRM_MODE_TUNNEL) &&
98 ((skb->len > ip6_skb_dst_mtu(skb) && !skb_is_gso(skb)) || 98 ((skb->len > ip6_skb_dst_mtu(skb) && !skb_is_gso(skb)) ||
99 dst_allfrag(skb_dst(skb)))) { 99 dst_allfrag(skb_dst(skb)))) {
100 return ip6_fragment(skb, xfrm6_output_finish); 100 return ip6_fragment(skb, x->outer_mode->afinfo->output_finish);
101 } 101 }
102 return xfrm6_output_finish(skb); 102 return x->outer_mode->afinfo->output_finish(skb);
103} 103}
104 104
105int xfrm6_output(struct sk_buff *skb) 105int xfrm6_output(struct sk_buff *skb)
diff --git a/net/ipv6/xfrm6_state.c b/net/ipv6/xfrm6_state.c
index afe941e9415c..248f0b2a7ee9 100644
--- a/net/ipv6/xfrm6_state.c
+++ b/net/ipv6/xfrm6_state.c
@@ -178,6 +178,7 @@ static struct xfrm_state_afinfo xfrm6_state_afinfo = {
178 .tmpl_sort = __xfrm6_tmpl_sort, 178 .tmpl_sort = __xfrm6_tmpl_sort,
179 .state_sort = __xfrm6_state_sort, 179 .state_sort = __xfrm6_state_sort,
180 .output = xfrm6_output, 180 .output = xfrm6_output,
181 .output_finish = xfrm6_output_finish,
181 .extract_input = xfrm6_extract_input, 182 .extract_input = xfrm6_extract_input,
182 .extract_output = xfrm6_extract_output, 183 .extract_output = xfrm6_extract_output,
183 .transport_finish = xfrm6_transport_finish, 184 .transport_finish = xfrm6_transport_finish,
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
index 15792d8b6272..b4d745ea8ee1 100644
--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -1406,6 +1406,7 @@ static struct dst_entry *xfrm_bundle_create(struct xfrm_policy *policy,
1406 struct net *net = xp_net(policy); 1406 struct net *net = xp_net(policy);
1407 unsigned long now = jiffies; 1407 unsigned long now = jiffies;
1408 struct net_device *dev; 1408 struct net_device *dev;
1409 struct xfrm_mode *inner_mode;
1409 struct dst_entry *dst_prev = NULL; 1410 struct dst_entry *dst_prev = NULL;
1410 struct dst_entry *dst0 = NULL; 1411 struct dst_entry *dst0 = NULL;
1411 int i = 0; 1412 int i = 0;
@@ -1436,6 +1437,17 @@ static struct dst_entry *xfrm_bundle_create(struct xfrm_policy *policy,
1436 goto put_states; 1437 goto put_states;
1437 } 1438 }
1438 1439
1440 if (xfrm[i]->sel.family == AF_UNSPEC) {
1441 inner_mode = xfrm_ip2inner_mode(xfrm[i],
1442 xfrm_af2proto(family));
1443 if (!inner_mode) {
1444 err = -EAFNOSUPPORT;
1445 dst_release(dst);
1446 goto put_states;
1447 }
1448 } else
1449 inner_mode = xfrm[i]->inner_mode;
1450
1439 if (!dst_prev) 1451 if (!dst_prev)
1440 dst0 = dst1; 1452 dst0 = dst1;
1441 else { 1453 else {
@@ -1464,7 +1476,7 @@ static struct dst_entry *xfrm_bundle_create(struct xfrm_policy *policy,
1464 dst1->lastuse = now; 1476 dst1->lastuse = now;
1465 1477
1466 dst1->input = dst_discard; 1478 dst1->input = dst_discard;
1467 dst1->output = xfrm[i]->outer_mode->afinfo->output; 1479 dst1->output = inner_mode->afinfo->output;
1468 1480
1469 dst1->next = dst_prev; 1481 dst1->next = dst_prev;
1470 dst_prev = dst1; 1482 dst_prev = dst1;