niansa-misc/linux
1
0
Fork 0
mirror of synced 2025-03-06 20:59:54 +01:00
Code Issues Projects Releases Packages Wiki Activity

net/ipv4: Initialize proto and ports in flow struct

Browse source 
Updating the FIB tracepoint for the recent change to allow rules using
the protocol and ports exposed a few places where the entries in the flow
struct are not initialized.

For __fib_validate_source add the call to fib4_rules_early_flow_dissect
since it is invoked for the input path. For netfilter, add the memset on
the flow struct to avoid future problems like this. In ip_route_input_slow
need to set the fields if the skb dissection does not happen.

Fixes: bfff486265 ("net: fib_rules: support for match on ip_proto, sport and dport")
Signed-off-by: David Ahern <dsahern@gmail.com>
Acked-by: Roopa Prabhu <roopa@cumulusnetworks.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
David Ahern 2018-05-16 13:36:40 -07:00 committed by David S. Miller
parent 8ab6ffba14
commit 5a847a6e14
3 changed files with 14 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
net/ipv4/fib_frontend.c
View file

@ -326,10 +326,11 @@ static int __fib_validate_source(struct sk_buff *skb, __be32 src, __be32 dst,
u8 tos, int oif, struct net_device *dev, u8 tos, int oif, struct net_device *dev,
int rpf, struct in_device *idev, u32 *itag) int rpf, struct in_device *idev, u32 *itag)
{ {
struct net *net = dev_net(dev);
struct flow_keys flkeys;
int ret, no_addr; int ret, no_addr;
struct fib_result res; struct fib_result res;
struct flowi4 fl4; struct flowi4 fl4;
struct net *net = dev_net(dev);
bool dev_match; bool dev_match;
fl4.flowi4_oif = 0; fl4.flowi4_oif = 0;
@ -347,6 +348,11 @@ static int __fib_validate_source(struct sk_buff *skb, __be32 src, __be32 dst,
no_addr = idev->ifa_list == NULL; no_addr = idev->ifa_list == NULL;
fl4.flowi4_mark = IN_DEV_SRC_VMARK(idev) ? skb->mark : 0; fl4.flowi4_mark = IN_DEV_SRC_VMARK(idev) ? skb->mark : 0;
if (!fib4_rules_early_flow_dissect(net, skb, &fl4, &flkeys)) {
fl4.flowi4_proto = 0;
fl4.fl4_sport = 0;
fl4.fl4_dport = 0;
}
trace_fib_validate_source(dev, &fl4); trace_fib_validate_source(dev, &fl4);

2
net/ipv4/netfilter/ipt_rpfilter.c
View file

@ -89,10 +89,10 @@ static bool rpfilter_mt(const struct sk_buff *skb, struct xt_action_param *par)
return true ^ invert; return true ^ invert;
} }
memset(&flow, 0, sizeof(flow));
flow.flowi4_iif = LOOPBACK_IFINDEX; flow.flowi4_iif = LOOPBACK_IFINDEX;
flow.daddr = iph->saddr; flow.daddr = iph->saddr;
flow.saddr = rpfilter_get_saddr(iph->daddr); flow.saddr = rpfilter_get_saddr(iph->daddr);
flow.flowi4_oif = 0;
flow.flowi4_mark = info->flags & XT_RPFILTER_VALID_MARK ? skb->mark : 0; flow.flowi4_mark = info->flags & XT_RPFILTER_VALID_MARK ? skb->mark : 0;
flow.flowi4_tos = RT_TOS(iph->tos); flow.flowi4_tos = RT_TOS(iph->tos);
flow.flowi4_scope = RT_SCOPE_UNIVERSE; flow.flowi4_scope = RT_SCOPE_UNIVERSE;

7
net/ipv4/route.c
View file

@ -1961,8 +1961,13 @@ static int ip_route_input_slow(struct sk_buff *skb, __be32 daddr, __be32 saddr,
fl4.saddr = saddr; fl4.saddr = saddr;
fl4.flowi4_uid = sock_net_uid(net, NULL); fl4.flowi4_uid = sock_net_uid(net, NULL);
if (fib4_rules_early_flow_dissect(net, skb, &fl4, &_flkeys)) if (fib4_rules_early_flow_dissect(net, skb, &fl4, &_flkeys)) {
flkeys = &_flkeys; flkeys = &_flkeys;
} else {
fl4.flowi4_proto = 0;
fl4.fl4_sport = 0;
fl4.fl4_dport = 0;
}
err = fib_lookup(net, &fl4, res, 0); err = fib_lookup(net, &fl4, res, 0);
if (err != 0) { if (err != 0) {