1. 12 Mar, 2015 2 commits
  2. 11 Mar, 2015 1 commit
  3. 10 Mar, 2015 1 commit
    • Florian Westphal's avatar
      netfilter: fix sparse warnings in reject handling · a03a8dbe
      Florian Westphal authored
      make C=1 CF=-D__CHECK_ENDIAN__ shows following:
      net/bridge/netfilter/nft_reject_bridge.c:65:50: warning: incorrect type in argument 3 (different base types)
      net/bridge/netfilter/nft_reject_bridge.c:65:50:    expected restricted __be16 [usertype] protocol [..]
      net/bridge/netfilter/nft_reject_bridge.c:102:37: warning: cast from restricted __be16
      net/bridge/netfilter/nft_reject_bridge.c:102:37: warning: incorrect type in argument 1 (different base types) [..]
      net/bridge/netfilter/nft_reject_bridge.c:121:50: warning: incorrect type in argument 3 (different base types) [..]
      net/bridge/netfilter/nft_reject_bridge.c:168:52: warning: incorrect type in argument 3 (different base types) [..]
      net/bridge/netfilter/nft_reject_bridge.c:233:52: warning: incorrect type in argument 3 (different base types) [..]
      Caused by two (harmless) errors:
      1. htons() instead of ntohs()
      2. __be16 for protocol in nf_reject_ipXhdr_put API, use u8 instead.
      Reported-by: default avatarkbuild test robot <fengguang.wu@intel.com>
      Signed-off-by: default avatarFlorian Westphal <fw@strlen.de>
      Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
  4. 09 Mar, 2015 1 commit
  5. 08 Mar, 2015 1 commit
    • Willem de Bruijn's avatar
      ip: fix error queue empty skb handling · c247f053
      Willem de Bruijn authored
      When reading from the error queue, msg_name and msg_control are only
      populated for some errors. A new exception for empty timestamp skbs
      added a false positive on icmp errors without payload.
      `traceroute -M udpconn` only displayed gateways that return payload
      with the icmp error: the embedded network headers are pulled before
      sock_queue_err_skb, leaving an skb with skb->len == 0 otherwise.
      Fix this regression by refining when msg_name and msg_control
      branches are taken. The solutions for the two fields are independent.
      msg_name only makes sense for errors that configure serr->port and
      serr->addr_offset. Test the first instead of skb->len. This also fixes
      another issue. saddr could hold the wrong data, as serr->addr_offset
      is not initialized  in some code paths, pointing to the start of the
      network header. It is only valid when serr->port is set (non-zero).
      msg_control support differs between IPv4 and IPv6. IPv4 only honors
      requests for ICMP and timestamps with SOF_TIMESTAMPING_OPT_CMSG. The
      skb->len test can simply be removed, because skb->dev is also tested
      and never true for empty skbs. IPv6 honors requests for all errors
      aside from local errors and timestamps on empty skbs.
      In both cases, make the policy more explicit by moving this logic to
      a new function that decides whether to process msg_control and that
      optionally prepares the necessary fields in skb->cb[]. After this
      change, the IPv4 and IPv6 paths are more similar.
      The last case is rxrpc. Here, simply refine to only match timestamps.
      Fixes: 49ca0d8b ("net-timestamp: no-payload option")
      Reported-by: default avatarJan Niehusmann <jan@gondor.com>
      Signed-off-by: default avatarWillem de Bruijn <willemb@google.com>
        - fix local origin test inversion in ip6_datagram_support_cmsg
        - make v4 and v6 code paths more similar by introducing analogous
        - fix compile bug in rxrpc
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
  6. 05 Mar, 2015 1 commit
  7. 04 Mar, 2015 1 commit
    • Lorenzo Colitti's avatar
      net: ping: Return EAFNOSUPPORT when appropriate. · 9145736d
      Lorenzo Colitti authored
      1. For an IPv4 ping socket, ping_check_bind_addr does not check
         the family of the socket address that's passed in. Instead,
         make it behave like inet_bind, which enforces either that the
         address family is AF_INET, or that the family is AF_UNSPEC and
         the address is
      2. For an IPv6 ping socket, ping_check_bind_addr returns EINVAL
         if the socket family is not AF_INET6. Return EAFNOSUPPORT
         instead, for consistency with inet6_bind.
      3. Make ping_v4_sendmsg and ping_v6_sendmsg return EAFNOSUPPORT
         instead of EINVAL if an incorrect socket address structure is
         passed in.
      4. Make IPv6 ping sockets be IPv6-only. The code does not support
         IPv4, and it cannot easily be made to support IPv4 because
         the protocol numbers for ICMP and ICMPv6 are different. This
         makes connect(::ffff: fail with EAFNOSUPPORT instead
         of making the socket unusable.
      Among other things, this fixes an oops that can be triggered by:
          int s = socket(AF_INET, SOCK_DGRAM, IPPROTO_ICMP);
          struct sockaddr_in6 sin6 = {
              .sin6_family = AF_INET6,
              .sin6_addr = in6addr_any,
          bind(s, (struct sockaddr *) &sin6, sizeof(sin6));
      Change-Id: If06ca86d9f1e4593c0d6df174caca3487c57a241
      Signed-off-by: default avatarLorenzo Colitti <lorenzo@google.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
  8. 03 Mar, 2015 1 commit
    • Eric W. Biederman's avatar
      neigh: Factor out ___neigh_lookup_noref · 60395a20
      Eric W. Biederman authored
      While looking at the mpls code I found myself writing yet another
      version of neigh_lookup_noref.  We currently have __ipv4_lookup_noref
      and __ipv6_lookup_noref.
      So to make my work a little easier and to make it a smidge easier to
      verify/maintain the mpls code in the future I stopped and wrote
      ___neigh_lookup_noref.  Then I rewote __ipv4_lookup_noref and
      __ipv6_lookup_noref in terms of this new function.  I tested my new
      version by verifying that the same code is generated in
      ip_finish_output2 and ip6_finish_output2 where these functions are
      To get to ___neigh_lookup_noref I added a new neighbour cache table
      function key_eq.  So that the static size of the key would be
      I also added __neigh_lookup_noref for people who want to to lookup
      a neighbour table entry quickly but don't know which neibhgour table
      they are going to look up.
      Signed-off-by: default avatar"Eric W. Biederman" <ebiederm@xmission.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
  9. 02 Mar, 2015 4 commits
    • Michal Kubeček's avatar
      udp: only allow UFO for packets from SOCK_DGRAM sockets · acf8dd0a
      Michal Kubeček authored
      If an over-MTU UDP datagram is sent through a SOCK_RAW socket to a
      UFO-capable device, ip_ufo_append_data() sets skb->ip_summed to
      CHECKSUM_PARTIAL unconditionally as all GSO code assumes transport layer
      checksum is to be computed on segmentation. However, in this case,
      skb->csum_start and skb->csum_offset are never set as raw socket
      transmit path bypasses udp_send_skb() where they are usually set. As a
      result, driver may access invalid memory when trying to calculate the
      checksum and store the result (as observed in virtio_net driver).
      Moreover, the very idea of modifying the userspace provided UDP header
      is IMHO against raw socket semantics (I wasn't able to find a document
      clearly stating this or the opposite, though). And while allowing
      CHECKSUM_NONE in the UFO case would be more efficient, it would be a bit
      too intrusive change just to handle a corner case like this. Therefore
      disallowing UFO for packets from SOCK_DGRAM seems to be the best option.
      Signed-off-by: default avatarMichal Kubecek <mkubecek@suse.cz>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
    • Florian Westphal's avatar
      netfilter: reject: don't send icmp error if csum is invalid · ee586bbc
      Florian Westphal authored
      tcp resets are never emitted if the packet that triggers the
      reject/reset has an invalid checksum.
      For icmp error responses there was no such check.
      It allows to distinguish icmp response generated via
      iptables -I INPUT -p udp --dport 42 -j REJECT
      and those emitted by network stack (won't respond if csum is invalid,
      REJECT does).
      Arguably its possible to avoid this by using conntrack and only
      using REJECT with -m conntrack NEW/RELATED.
      However, this doesn't work when connection tracking is not in use
      or when using nf_conntrack_checksum=0.
      Furthermore, sending errors in response to invalid csums doesn't make
      much sense so just add similar test as in nf_send_reset.
      Validate csum if needed and only send the response if it is ok.
      Reference: http://bugzilla.redhat.com/show_bug.cgi?id=1169829Signed-off-by: default avatarFlorian Westphal <fw@strlen.de>
      Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
    • Eric W. Biederman's avatar
      neigh: Don't require dst in neigh_hh_init · bdf53c58
      Eric W. Biederman authored
      - Add protocol to neigh_tbl so that dst->ops->protocol is not needed
      - Acquire the device from neigh->dev
      This results in a neigh_hh_init that will cache the samve values
      regardless of the packets flowing through it.
      Signed-off-by: default avatar"Eric W. Biederman" <ebiederm@xmission.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
    • Ying Xue's avatar
      net: Remove iocb argument from sendmsg and recvmsg · 1b784140
      Ying Xue authored
      After TIPC doesn't depend on iocb argument in its internal
      implementations of sendmsg() and recvmsg() hooks defined in proto
      structure, no any user is using iocb argument in them at all now.
      Then we can drop the redundant iocb argument completely from kinds of
      implementations of both sendmsg() and recvmsg() in the entire
      networking stack.
      Cc: Christoph Hellwig <hch@lst.de>
      Suggested-by: default avatarAl Viro <viro@ZenIV.linux.org.uk>
      Signed-off-by: default avatarYing Xue <ying.xue@windriver.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
  10. 01 Mar, 2015 1 commit
  11. 28 Feb, 2015 1 commit
  12. 27 Feb, 2015 2 commits
  13. 24 Feb, 2015 1 commit
  14. 23 Feb, 2015 1 commit
    • Marcelo Leitner's avatar
      ipv6: addrconf: validate new MTU before applying it · 77751427
      Marcelo Leitner authored
      Currently we don't check if the new MTU is valid or not and this allows
      one to configure a smaller than minimum allowed by RFCs or even bigger
      than interface own MTU, which is a problem as it may lead to packet
      If you have a daemon like NetworkManager running, this may be exploited
      by remote attackers by forging RA packets with an invalid MTU, possibly
      leading to a DoS. (NetworkManager currently only validates for values
      too small, but not for too big ones.)
      The fix is just to make sure the new value is valid. That is, between
      IPV6_MIN_MTU and interface's MTU.
      Note that similar check is already performed at
      ndisc_router_discovery(), for when kernel itself parses the RA.
      Signed-off-by: default avatarMarcelo Ricardo Leitner <mleitner@redhat.com>
      Signed-off-by: default avatarSabrina Dubroca <sd@queasysnail.net>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
  15. 21 Feb, 2015 1 commit
  16. 14 Feb, 2015 1 commit
    • Martin KaFai Lau's avatar
      ipv6: fix ipv6_cow_metrics for non DST_HOST case · 3b471175
      Martin KaFai Lau authored
      ipv6_cow_metrics() currently assumes only DST_HOST routes require
      dynamic metrics allocation from inetpeer.  The assumption breaks
      when ndisc discovered router with RTAX_MTU and RTAX_HOPLIMIT metric.
      Refer to ndisc_router_discovery() in ndisc.c and note that dst_metric_set()
      is called after the route is created.
      This patch creates the metrics array (by calling dst_cow_metrics_generic) in
      interface qemubr0
      	AdvLinkMTU 1300;
      	AdvCurHopLimit 30;
      	prefix fd00:face:face:face::/64
      		AdvOnLink on;
      		AdvAutonomous on;
      		AdvRouterAddr off;
      [root@qemu1 ~]# ip -6 r show | egrep -v unreachable
      fd00:face:face:face::/64 dev eth0  proto kernel  metric 256  expires 27sec
      fe80::/64 dev eth0  proto kernel  metric 256
      default via fe80::74df:d0ff:fe23:8ef2 dev eth0  proto ra  metric 1024  expires 27sec
      [root@qemu1 ~]# ip -6 r show | egrep -v unreachable
      fd00:face:face:face::/64 dev eth0  proto kernel  metric 256  expires 27sec mtu 1300
      fe80::/64 dev eth0  proto kernel  metric 256  mtu 1300
      default via fe80::74df:d0ff:fe23:8ef2 dev eth0  proto ra  metric 1024  expires 27sec mtu 1300 hoplimit 30
      Fixes: 8e2ec639 (ipv6: don't use inetpeer to store metrics for routes.)
      Signed-off-by: default avatarMartin KaFai Lau <kafai@fb.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
  17. 12 Feb, 2015 1 commit
    • Jan Stancek's avatar
      ipv6: fix possible deadlock in ip6_fl_purge / ip6_fl_gc · 4762fb98
      Jan Stancek authored
      Use spin_lock_bh in ip6_fl_purge() to prevent following potentially
      deadlock scenario between ip6_fl_purge() and ip6_fl_gc() timer.
        [ INFO: inconsistent lock state ]
        3.19.0 #1 Not tainted
        inconsistent {SOFTIRQ-ON-W} -> {IN-SOFTIRQ-W} usage.
        swapper/5/0 [HC0[0]:SC1[1]:HE1:SE0] takes:
         (ip6_fl_lock){+.?...}, at: [<ffffffff8171155d>] ip6_fl_gc+0x2d/0x180
        {SOFTIRQ-ON-W} state was registered at:
          [<ffffffff810ee9a0>] __lock_acquire+0x4a0/0x10b0
          [<ffffffff810efd54>] lock_acquire+0xc4/0x2b0
          [<ffffffff81751d2d>] _raw_spin_lock+0x3d/0x80
          [<ffffffff81711798>] ip6_flowlabel_net_exit+0x28/0x110
          [<ffffffff815f9759>] ops_exit_list.isra.1+0x39/0x60
          [<ffffffff815fa320>] cleanup_net+0x100/0x1e0
          [<ffffffff810ad80a>] process_one_work+0x20a/0x830
          [<ffffffff810adf4b>] worker_thread+0x11b/0x460
          [<ffffffff810b42f4>] kthread+0x104/0x120
          [<ffffffff81752bfc>] ret_from_fork+0x7c/0xb0
        irq event stamp: 84640
        hardirqs last  enabled at (84640): [<ffffffff81752080>] _raw_spin_unlock_irq+0x30/0x50
        hardirqs last disabled at (84639): [<ffffffff81751eff>] _raw_spin_lock_irq+0x1f/0x80
        softirqs last  enabled at (84628): [<ffffffff81091ad1>] _local_bh_enable+0x21/0x50
        softirqs last disabled at (84629): [<ffffffff81093b7d>] irq_exit+0x12d/0x150
        other info that might help us debug this:
         Possible unsafe locking scenario:
         *** DEADLOCK ***
      Signed-off-by: default avatarJan Stancek <jstancek@redhat.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
  18. 11 Feb, 2015 2 commits
  19. 09 Feb, 2015 2 commits
  20. 08 Feb, 2015 1 commit
    • Michael Büsch's avatar
      rt6_probe_deferred: Do not depend on struct ordering · 662f5533
      Michael Büsch authored
      rt6_probe allocates a struct __rt6_probe_work and schedules a work handler rt6_probe_deferred.
      But rt6_probe_deferred kfree's the struct work_struct instead of struct __rt6_probe_work.
      This works, because struct work_struct is the first element of struct __rt6_probe_work.
      Change it to kfree struct __rt6_probe_work to not implicitly depend on
      struct work_struct being the first element.
      This does not affect the generated code.
      Signed-off-by: default avatarMichael Buesch <m@bues.ch>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
  21. 06 Feb, 2015 1 commit
  22. 05 Feb, 2015 3 commits
    • Erik Kline's avatar
      net: ipv6: allow explicitly choosing optimistic addresses · c58da4c6
      Erik Kline authored
      RFC 4429 ("Optimistic DAD") states that optimistic addresses
      should be treated as deprecated addresses.  From section 2.1:
         Unless noted otherwise, components of the IPv6 protocol stack
         should treat addresses in the Optimistic state equivalently to
         those in the Deprecated state, indicating that the address is
         available for use but should not be used if another suitable
         address is available.
      Optimistic addresses are indeed avoided when other addresses are
      available (i.e. at source address selection time), but they have
      not heretofore been available for things like explicit bind() and
      sendmsg() with struct in6_pktinfo, etc.
      This change makes optimistic addresses treated more like
      deprecated addresses than tentative ones.
      Signed-off-by: default avatarErik Kline <ek@google.com>
      Acked-by: default avatarLorenzo Colitti <lorenzo@google.com>
      Acked-by: default avatarHannes Frederic Sowa <hannes@stressinduktion.org>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
    • Eric Dumazet's avatar
      sit: fix some __be16/u16 mismatches · a409caec
      Eric Dumazet authored
      Fixes following sparse warnings :
      net/ipv6/sit.c:1509:32: warning: incorrect type in assignment (different base types)
      net/ipv6/sit.c:1509:32:    expected restricted __be16 [usertype] sport
      net/ipv6/sit.c:1509:32:    got unsigned short
      net/ipv6/sit.c:1514:32: warning: incorrect type in assignment (different base types)
      net/ipv6/sit.c:1514:32:    expected restricted __be16 [usertype] dport
      net/ipv6/sit.c:1514:32:    got unsigned short
      net/ipv6/sit.c:1711:38: warning: incorrect type in argument 3 (different base types)
      net/ipv6/sit.c:1711:38:    expected unsigned short [unsigned] [usertype] value
      net/ipv6/sit.c:1711:38:    got restricted __be16 [usertype] sport
      net/ipv6/sit.c:1713:38: warning: incorrect type in argument 3 (different base types)
      net/ipv6/sit.c:1713:38:    expected unsigned short [unsigned] [usertype] value
      net/ipv6/sit.c:1713:38:    got restricted __be16 [usertype] dport
      Signed-off-by: default avatarEric Dumazet <edumazet@google.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
    • Sabrina Dubroca's avatar
      ip6_gre: fix endianness errors in ip6gre_err · d1e158e2
      Sabrina Dubroca authored
      info is in network byte order, change it back to host byte order
      before use. In particular, the current code sets the MTU of the tunnel
      to a wrong (too big) value.
      Fixes: c12b395a ("gre: Support GRE over IPv6")
      Signed-off-by: default avatarSabrina Dubroca <sd@queasysnail.net>
      Acked-by: default avatarEric Dumazet <edumazet@google.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
  23. 04 Feb, 2015 1 commit
    • Vlad Yasevich's avatar
      ipv6: Select fragment id during UFO segmentation if not set. · 0508c07f
      Vlad Yasevich authored
      If the IPv6 fragment id has not been set and we perform
      fragmentation due to UFO, select a new fragment id.
      We now consider a fragment id of 0 as unset and if id selection
      process returns 0 (after all the pertrubations), we set it to
      0x80000000, thus giving us ample space not to create collisions
      with the next packet we may have to fragment.
      When doing UFO integrity checking, we also select the
      fragment id if it has not be set yet.   This is stored into
      the skb_shinfo() thus allowing UFO to function correclty.
      This patch also removes duplicate fragment id generation code
      and moves ipv6_select_ident() into the header as it may be
      used during GSO.
      Signed-off-by: default avatarVladislav Yasevich <vyasevic@redhat.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
  24. 03 Feb, 2015 3 commits
  25. 02 Feb, 2015 5 commits