| From: =?UTF-8?q?Michal=20Kube=C4=8Dek?= <mkubecek@suse.cz> |
| Date: Tue, 3 Nov 2015 08:51:07 +0100 |
| Subject: ipv6: fix tunnel error handling |
| |
| commit ebac62fe3d24c0ce22dd83afa7b07d1a2aaef44d upstream. |
| |
| Both tunnel6_protocol and tunnel46_protocol share the same error |
| handler, tunnel6_err(), which traverses through tunnel6_handlers list. |
| For ipip6 tunnels, we need to traverse tunnel46_handlers as we do e.g. |
| in tunnel46_rcv(). Current code can generate an ICMPv6 error message |
| with an IPv4 packet embedded in it. |
| |
| Fixes: 73d605d1abbd ("[IPSEC]: changing API of xfrm6_tunnel_register") |
| Signed-off-by: Michal Kubecek <mkubecek@suse.cz> |
| Signed-off-by: David S. Miller <davem@davemloft.net> |
| Signed-off-by: Ben Hutchings <ben@decadent.org.uk> |
| --- |
| net/ipv6/tunnel6.c | 12 +++++++++++- |
| 1 file changed, 11 insertions(+), 1 deletion(-) |
| |
| --- a/net/ipv6/tunnel6.c |
| +++ b/net/ipv6/tunnel6.c |
| @@ -145,6 +145,16 @@ static void tunnel6_err(struct sk_buff * |
| break; |
| } |
| |
| +static void tunnel46_err(struct sk_buff *skb, struct inet6_skb_parm *opt, |
| + u8 type, u8 code, int offset, __be32 info) |
| +{ |
| + struct xfrm6_tunnel *handler; |
| + |
| + for_each_tunnel_rcu(tunnel46_handlers, handler) |
| + if (!handler->err_handler(skb, opt, type, code, offset, info)) |
| + break; |
| +} |
| + |
| static const struct inet6_protocol tunnel6_protocol = { |
| .handler = tunnel6_rcv, |
| .err_handler = tunnel6_err, |
| @@ -153,7 +163,7 @@ static const struct inet6_protocol tunne |
| |
| static const struct inet6_protocol tunnel46_protocol = { |
| .handler = tunnel46_rcv, |
| - .err_handler = tunnel6_err, |
| + .err_handler = tunnel46_err, |
| .flags = INET6_PROTO_NOPOLICY|INET6_PROTO_FINAL, |
| }; |
| |
