| From foo@baz Wed Nov 21 13:17:56 CET 2018 |
| From: 배석진 <soukjin.bae@samsung.com> |
| Date: Fri, 9 Nov 2018 16:53:06 -0800 |
| Subject: flow_dissector: do not dissect l4 ports for fragments |
| |
| From: 배석진 <soukjin.bae@samsung.com> |
| |
| [ Upstream commit 62230715fd2453b3ba948c9d83cfb3ada9169169 ] |
| |
| Only first fragment has the sport/dport information, |
| not the following ones. |
| |
| If we want consistent hash for all fragments, we need to |
| ignore ports even for first fragment. |
| |
| This bug is visible for IPv6 traffic, if incoming fragments |
| do not have a flow label, since skb_get_hash() will give |
| different results for first fragment and following ones. |
| |
| It is also visible if any routing rule wants dissection |
| and sport or dport. |
| |
| See commit 5e5d6fed3741 ("ipv6: route: dissect flow |
| in input path if fib rules need it") for details. |
| |
| [edumazet] rewrote the changelog completely. |
| |
| Fixes: 06635a35d13d ("flow_dissect: use programable dissector in skb_flow_dissect and friends") |
| Signed-off-by: 배석진 <soukjin.bae@samsung.com> |
| Signed-off-by: Eric Dumazet <edumazet@google.com> |
| Signed-off-by: David S. Miller <davem@davemloft.net> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| --- |
| net/core/flow_dissector.c | 4 ++-- |
| 1 file changed, 2 insertions(+), 2 deletions(-) |
| |
| --- a/net/core/flow_dissector.c |
| +++ b/net/core/flow_dissector.c |
| @@ -538,8 +538,8 @@ ip_proto_again: |
| break; |
| } |
| |
| - if (dissector_uses_key(flow_dissector, |
| - FLOW_DISSECTOR_KEY_PORTS)) { |
| + if (dissector_uses_key(flow_dissector, FLOW_DISSECTOR_KEY_PORTS) && |
| + !(key_control->flags & FLOW_DIS_IS_FRAGMENT)) { |
| key_ports = skb_flow_dissector_target(flow_dissector, |
| FLOW_DISSECTOR_KEY_PORTS, |
| target_container); |
