| From foo@baz Fri Mar 16 15:43:17 CET 2018 |
| From: Mahesh Bandewar <maheshb@google.com> |
| Date: Thu, 7 Dec 2017 15:15:43 -0800 |
| Subject: ipvlan: add L2 check for packets arriving via virtual devices |
| |
| From: Mahesh Bandewar <maheshb@google.com> |
| |
| |
| [ Upstream commit 92ff42645028fa6f9b8aa767718457b9264316b4 ] |
| |
| Packets that don't have dest mac as the mac of the master device should |
| not be entertained by the IPvlan rx-handler. This is mostly true as the |
| packet path mostly takes care of that, except when the master device is |
| a virtual device. As demonstrated in the following case - |
| |
| ip netns add ns1 |
| ip link add ve1 type veth peer name ve2 |
| ip link add link ve2 name iv1 type ipvlan mode l2 |
| ip link set dev iv1 netns ns1 |
| ip link set ve1 up |
| ip link set ve2 up |
| ip -n ns1 link set iv1 up |
| ip addr add 192.168.10.1/24 dev ve1 |
| ip -n ns1 addr 192.168.10.2/24 dev iv1 |
| ping -c2 192.168.10.2 |
| <Works!> |
| ip neigh show dev ve1 |
| ip neigh show 192.168.10.2 lladdr <random> dev ve1 |
| ping -c2 192.168.10.2 |
| <Still works! Wrong!!> |
| |
| This patch adds that missing check in the IPvlan rx-handler. |
| |
| Reported-by: Amit Sikka <amit.sikka@ericsson.com> |
| Signed-off-by: Mahesh Bandewar <maheshb@google.com> |
| Signed-off-by: David S. Miller <davem@davemloft.net> |
| Signed-off-by: Sasha Levin <alexander.levin@microsoft.com> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| --- |
| drivers/net/ipvlan/ipvlan_core.c | 4 ++++ |
| 1 file changed, 4 insertions(+) |
| |
| --- a/drivers/net/ipvlan/ipvlan_core.c |
| +++ b/drivers/net/ipvlan/ipvlan_core.c |
| @@ -304,6 +304,10 @@ static int ipvlan_rcv_frame(struct ipvl_ |
| if (dev_forward_skb(ipvlan->dev, skb) == NET_RX_SUCCESS) |
| success = true; |
| } else { |
| + if (!ether_addr_equal_64bits(eth_hdr(skb)->h_dest, |
| + ipvlan->phy_dev->dev_addr)) |
| + skb->pkt_type = PACKET_OTHERHOST; |
| + |
| ret = RX_HANDLER_ANOTHER; |
| success = true; |
| } |