summaryrefslogtreecommitdiffstats
path: root/drivers
diff options
context:
space:
mode:
authorJiri Benc <jbenc@redhat.com>2015-08-28 20:48:20 +0200
committerDavid S. Miller <davem@davemloft.net>2015-08-29 13:07:54 -0700
commit7f9562a1f405306eacb97f95d78cb996e33f27f5 (patch)
tree298378f868e85024a908e9bae1e0754fc59e169e /drivers
parent46fa062ad63146dd138ec0f017e71224471e8ea5 (diff)
downloadlinux-7f9562a1f405306eacb97f95d78cb996e33f27f5.tar.gz
linux-7f9562a1f405306eacb97f95d78cb996e33f27f5.tar.bz2
linux-7f9562a1f405306eacb97f95d78cb996e33f27f5.zip
ip_tunnels: record IP version in tunnel info
There's currently nothing preventing directing packets with IPv6 encapsulation data to IPv4 tunnels (and vice versa). If this happens, IPv6 addresses are incorrectly interpreted as IPv4 ones. Track whether the given ip_tunnel_key contains IPv4 or IPv6 data. Store this in ip_tunnel_info. Reject packets at appropriate places if they are supposed to be encapsulated into an incompatible protocol. Signed-off-by: Jiri Benc <jbenc@redhat.com> Acked-by: Alexei Starovoitov <ast@plumgrid.com> Acked-by: Thomas Graf <tgraf@suug.ch> Acked-by: Pravin B Shelar <pshelar@nicira.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'drivers')
-rw-r--r--drivers/net/geneve.c2
-rw-r--r--drivers/net/vxlan.c2
2 files changed, 4 insertions, 0 deletions
diff --git a/drivers/net/geneve.c b/drivers/net/geneve.c
index 4a39c09f144c..3908a22f23d1 100644
--- a/drivers/net/geneve.c
+++ b/drivers/net/geneve.c
@@ -627,6 +627,8 @@ static netdev_tx_t geneve_xmit(struct sk_buff *skb, struct net_device *dev)
netdev_dbg(dev, "no tunnel metadata\n");
goto tx_error;
}
+ if (info && ip_tunnel_info_af(info) != AF_INET)
+ goto tx_error;
}
rt = geneve_get_rt(skb, dev, &fl4, info);
diff --git a/drivers/net/vxlan.c b/drivers/net/vxlan.c
index bd1b8cdf2bf6..e3adfe0ef66b 100644
--- a/drivers/net/vxlan.c
+++ b/drivers/net/vxlan.c
@@ -1903,6 +1903,8 @@ static void vxlan_xmit_one(struct sk_buff *skb, struct net_device *dev,
dev->name);
goto drop;
}
+ if (family != ip_tunnel_info_af(info))
+ goto drop;
dst_port = info->key.tp_dst ? : vxlan->cfg.dst_port;
vni = be64_to_cpu(info->key.tun_id);