Commit cd23f0e1 authored by Michal Kubeček's avatar Michal Kubeček Committed by Zefan Li

ipv6: fix tunnel error handling

commit ebac62fe upstream.

Both tunnel6_protocol and tunnel46_protocol share the same error
handler, tunnel6_err(), which traverses through tunnel6_handlers list.
For ipip6 tunnels, we need to traverse tunnel46_handlers as we do e.g.
in tunnel46_rcv(). Current code can generate an ICMPv6 error message
with an IPv4 packet embedded in it.

Fixes: 73d605d1 ("[IPSEC]: changing API of xfrm6_tunnel_register")
Signed-off-by: default avatarMichal Kubecek <mkubecek@suse.cz>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
Signed-off-by: default avatarZefan Li <lizefan@huawei.com>
parent 0c760ac8
...@@ -145,6 +145,16 @@ static void tunnel6_err(struct sk_buff *skb, struct inet6_skb_parm *opt, ...@@ -145,6 +145,16 @@ static void tunnel6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
break; break;
} }
static void tunnel46_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
u8 type, u8 code, int offset, __be32 info)
{
struct xfrm6_tunnel *handler;
for_each_tunnel_rcu(tunnel46_handlers, handler)
if (!handler->err_handler(skb, opt, type, code, offset, info))
break;
}
static const struct inet6_protocol tunnel6_protocol = { static const struct inet6_protocol tunnel6_protocol = {
.handler = tunnel6_rcv, .handler = tunnel6_rcv,
.err_handler = tunnel6_err, .err_handler = tunnel6_err,
...@@ -153,7 +163,7 @@ static const struct inet6_protocol tunnel6_protocol = { ...@@ -153,7 +163,7 @@ static const struct inet6_protocol tunnel6_protocol = {
static const struct inet6_protocol tunnel46_protocol = { static const struct inet6_protocol tunnel46_protocol = {
.handler = tunnel46_rcv, .handler = tunnel46_rcv,
.err_handler = tunnel6_err, .err_handler = tunnel46_err,
.flags = INET6_PROTO_NOPOLICY|INET6_PROTO_FINAL, .flags = INET6_PROTO_NOPOLICY|INET6_PROTO_FINAL,
}; };
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment