field | value | date |
---|---|---|
author | Davide Caratti <dcaratti@redhat.com> | 2019-10-12 14:55:07 +0300 |
committer | David S. Miller <davem@davemloft.net> | 2019-10-16 03:14:48 +0300 |
commit | fa4e0f8855fcba600e0be2575ee29c69166f74bd | |
tree | 3224a12d0c83472a92df41f3dfff6c48b6fd1f64 /security/commoncap.c | |
parent | dedc5a08da07874c6e0d411e7f39c5c2cf137014 | |

net/sched: fix corrupted L2 header with MPLS 'push' and 'pop' actions

the following script:

    # tc qdisc add dev eth0 clsact
    # tc filter add dev eth0 egress protocol ip matchall \
    > action mpls push protocol mpls_uc label 0x355aa bos 1

causes corruption of all IP packets transmitted by eth0. On TC egress, we
can't rely on the value of skb->mac_len, because it's 0 and a MPLS 'push'
operation will result in an overwrite of the first 4 octets in the packet
L2 header (e.g. the Destination Address if eth0 is an Ethernet); the same
error pattern is present also in the MPLS 'pop' operation. Fix this error
in act_mpls data plane, computing 'mac_len' as the difference between the
network header and the mac header (when not at TC ingress), and use it in
MPLS 'push'/'pop' core functions.

v2: unbreak 'make htmldocs' because of missing documentation of 'mac_len'
in skb_mpls_pop(), reported by kbuild test robot

CC: Lorenzo Bianconi <lorenzo@kernel.org>
Fixes: 2a2ea50870ba ("net: sched: add mpls manipulation actions to TC")
Reviewed-by: Simon Horman <simon.horman@netronome.com>
Acked-by: John Hurley <john.hurley@netronome.com>
Signed-off-by: Davide Caratti <dcaratti@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
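
The header arithmetic described in the commit message, as an added userspace example (not code from this commit or from the kernel): it inserts a 4-octet label stack entry into a frame once with `mac_len` 0 and once with `mac_len` taken as network header minus mac header. The names `model_push` and `dst_intact_after_push`, the sample frame and the TTL of 255 are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MPLS_HLEN 4
#define ETH_HLEN  14
#define HEADROOM  16

/* Constructed sample frame: Ethernet header plus the first 4 IP octets. */
static const uint8_t sample[ETH_HLEN + 4] = {
    0x02, 0x00, 0x00, 0x00, 0x00, 0x01,   /* Destination Address */
    0x02, 0x00, 0x00, 0x00, 0x00, 0x02,   /* Source Address */
    0x08, 0x00,                           /* EtherType: IPv4 */
    0x45, 0x00, 0x00, 0x54                /* start of the IP header */
};

/* Label stack entry: label (20 bits) | tc (3) | bos (1) | ttl (8). */
static uint32_t mpls_lse(uint32_t label, unsigned tc, unsigned bos, unsigned ttl)
{
    return (label << 12) | (tc << 9) | (bos << 8) | ttl;
}

/* Simplified model of a 'push' (an assumption of this example): the frame
 * grows by MPLS_HLEN at the front, mac_len octets of L2 header move to the
 * new start, and the entry is written right after them. The EtherType
 * rewrite is left out. Returns the offset of the new frame start. */
static size_t model_push(uint8_t *buf, size_t mac_off, size_t mac_len, uint32_t lse)
{
    size_t new_mac = mac_off - MPLS_HLEN;
    uint8_t *p = buf + new_mac + mac_len;
    memmove(buf + new_mac, buf + mac_off, mac_len);
    p[0] = (uint8_t)(lse >> 24); p[1] = (uint8_t)(lse >> 16);
    p[2] = (uint8_t)(lse >> 8);  p[3] = (uint8_t)lse;
    return new_mac;
}

/* Push onto the sample frame; 1 if the Destination Address still leads it. */
static int dst_intact_after_push(size_t mac_len)
{
    uint8_t buf[HEADROOM + sizeof(sample)] = {0};
    memcpy(buf + HEADROOM, sample, sizeof(sample));
    size_t start = model_push(buf, HEADROOM, mac_len, mpls_lse(0x355aa, 0, 1, 255));
    return memcmp(buf + start, sample, 6) == 0;
}

int main(void)
{
    size_t mac_off = HEADROOM, net_off = HEADROOM + ETH_HLEN;
    printf("mac_len 0: dst intact = %d\n", dst_intact_after_push(0));
    printf("mac_len %zu: dst intact = %d\n", net_off - mac_off,
           dst_intact_after_push(net_off - mac_off));
    return 0;
}
```
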
Diffstat (limited to 'security/commoncap.c')
0 files changed, 0 insertions, 0 deletions