Commit f72299da authored by Ansis Atteka's avatar Ansis Atteka Committed by Greg Kroah-Hartman

ip: generate unique IP identificator if local fragmentation is allowed

[ Upstream commit 703133de ]

If local fragmentation is allowed, then ip_select_ident() and
ip_select_ident_more() need to generate unique IDs to ensure
correct defragmentation on the peer.

For example, if IPsec (tunnel mode) has to encrypt large skbs
that have local_df bit set, then all IP fragments that belonged
to different ESP datagrams would have used the same identificator.
If one of these IP fragments would get lost or reordered, then
peer could possibly stitch together wrong IP fragments that did
not belong to the same datagram. This would lead to a packet loss
or data corruption.
Signed-off-by: default avatarAnsis Atteka <aatteka@nicira.com>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
parent 832ae42a
...@@ -281,7 +281,7 @@ static int pptp_xmit(struct ppp_channel *chan, struct sk_buff *skb) ...@@ -281,7 +281,7 @@ static int pptp_xmit(struct ppp_channel *chan, struct sk_buff *skb)
nf_reset(skb); nf_reset(skb);
skb->ip_summed = CHECKSUM_NONE; skb->ip_summed = CHECKSUM_NONE;
ip_select_ident(iph, &rt->dst, NULL); ip_select_ident(skb, &rt->dst, NULL);
ip_send_check(iph); ip_send_check(iph);
ip_local_out(skb); ip_local_out(skb);
......
...@@ -266,9 +266,11 @@ int ip_dont_fragment(struct sock *sk, struct dst_entry *dst) ...@@ -266,9 +266,11 @@ int ip_dont_fragment(struct sock *sk, struct dst_entry *dst)
extern void __ip_select_ident(struct iphdr *iph, struct dst_entry *dst, int more); extern void __ip_select_ident(struct iphdr *iph, struct dst_entry *dst, int more);
static inline void ip_select_ident(struct iphdr *iph, struct dst_entry *dst, struct sock *sk) static inline void ip_select_ident(struct sk_buff *skb, struct dst_entry *dst, struct sock *sk)
{ {
if (iph->frag_off & htons(IP_DF)) { struct iphdr *iph = ip_hdr(skb);
if ((iph->frag_off & htons(IP_DF)) && !skb->local_df) {
/* This is only to work around buggy Windows95/2000 /* This is only to work around buggy Windows95/2000
* VJ compression implementations. If the ID field * VJ compression implementations. If the ID field
* does not change, they drop every other packet in * does not change, they drop every other packet in
...@@ -280,9 +282,11 @@ static inline void ip_select_ident(struct iphdr *iph, struct dst_entry *dst, str ...@@ -280,9 +282,11 @@ static inline void ip_select_ident(struct iphdr *iph, struct dst_entry *dst, str
__ip_select_ident(iph, dst, 0); __ip_select_ident(iph, dst, 0);
} }
static inline void ip_select_ident_more(struct iphdr *iph, struct dst_entry *dst, struct sock *sk, int more) static inline void ip_select_ident_more(struct sk_buff *skb, struct dst_entry *dst, struct sock *sk, int more)
{ {
if (iph->frag_off & htons(IP_DF)) { struct iphdr *iph = ip_hdr(skb);
if ((iph->frag_off & htons(IP_DF)) && !skb->local_df) {
if (sk && inet_sk(sk)->inet_daddr) { if (sk && inet_sk(sk)->inet_daddr) {
iph->id = htons(inet_sk(sk)->inet_id); iph->id = htons(inet_sk(sk)->inet_id);
inet_sk(sk)->inet_id += 1 + more; inet_sk(sk)->inet_id += 1 + more;
......
...@@ -50,7 +50,7 @@ struct ip_tunnel_prl_entry { ...@@ -50,7 +50,7 @@ struct ip_tunnel_prl_entry {
int pkt_len = skb->len - skb_transport_offset(skb); \ int pkt_len = skb->len - skb_transport_offset(skb); \
\ \
skb->ip_summed = CHECKSUM_NONE; \ skb->ip_summed = CHECKSUM_NONE; \
ip_select_ident(iph, &rt->dst, NULL); \ ip_select_ident(skb, &rt->dst, NULL); \
\ \
err = ip_local_out(skb); \ err = ip_local_out(skb); \
if (likely(net_xmit_eval(err) == 0)) { \ if (likely(net_xmit_eval(err) == 0)) { \
......
...@@ -343,7 +343,7 @@ static struct sk_buff *igmpv3_newpack(struct net_device *dev, int size) ...@@ -343,7 +343,7 @@ static struct sk_buff *igmpv3_newpack(struct net_device *dev, int size)
pip->saddr = fl4.saddr; pip->saddr = fl4.saddr;
pip->protocol = IPPROTO_IGMP; pip->protocol = IPPROTO_IGMP;
pip->tot_len = 0; /* filled in later */ pip->tot_len = 0; /* filled in later */
ip_select_ident(pip, &rt->dst, NULL); ip_select_ident(skb, &rt->dst, NULL);
((u8*)&pip[1])[0] = IPOPT_RA; ((u8*)&pip[1])[0] = IPOPT_RA;
((u8*)&pip[1])[1] = 4; ((u8*)&pip[1])[1] = 4;
((u8*)&pip[1])[2] = 0; ((u8*)&pip[1])[2] = 0;
...@@ -687,7 +687,7 @@ static int igmp_send_report(struct in_device *in_dev, struct ip_mc_list *pmc, ...@@ -687,7 +687,7 @@ static int igmp_send_report(struct in_device *in_dev, struct ip_mc_list *pmc,
iph->daddr = dst; iph->daddr = dst;
iph->saddr = fl4.saddr; iph->saddr = fl4.saddr;
iph->protocol = IPPROTO_IGMP; iph->protocol = IPPROTO_IGMP;
ip_select_ident(iph, &rt->dst, NULL); ip_select_ident(skb, &rt->dst, NULL);
((u8*)&iph[1])[0] = IPOPT_RA; ((u8*)&iph[1])[0] = IPOPT_RA;
((u8*)&iph[1])[1] = 4; ((u8*)&iph[1])[1] = 4;
((u8*)&iph[1])[2] = 0; ((u8*)&iph[1])[2] = 0;
......
...@@ -32,8 +32,8 @@ ...@@ -32,8 +32,8 @@
* At the moment of writing this notes identifier of IP packets is generated * At the moment of writing this notes identifier of IP packets is generated
* to be unpredictable using this code only for packets subjected * to be unpredictable using this code only for packets subjected
* (actually or potentially) to defragmentation. I.e. DF packets less than * (actually or potentially) to defragmentation. I.e. DF packets less than
* PMTU in size uses a constant ID and do not use this code (see * PMTU in size when local fragmentation is disabled use a constant ID and do
* ip_select_ident() in include/net/ip.h). * not use this code (see ip_select_ident() in include/net/ip.h).
* *
* Route cache entries hold references to our nodes. * Route cache entries hold references to our nodes.
* New cache entries get references via lookup by destination IP address in * New cache entries get references via lookup by destination IP address in
......
...@@ -161,7 +161,7 @@ int ip_build_and_send_pkt(struct sk_buff *skb, struct sock *sk, ...@@ -161,7 +161,7 @@ int ip_build_and_send_pkt(struct sk_buff *skb, struct sock *sk,
iph->daddr = (opt && opt->opt.srr ? opt->opt.faddr : daddr); iph->daddr = (opt && opt->opt.srr ? opt->opt.faddr : daddr);
iph->saddr = saddr; iph->saddr = saddr;
iph->protocol = sk->sk_protocol; iph->protocol = sk->sk_protocol;
ip_select_ident(iph, &rt->dst, sk); ip_select_ident(skb, &rt->dst, sk);
if (opt && opt->opt.optlen) { if (opt && opt->opt.optlen) {
iph->ihl += opt->opt.optlen>>2; iph->ihl += opt->opt.optlen>>2;
...@@ -403,7 +403,7 @@ int ip_queue_xmit(struct sk_buff *skb, struct flowi *fl) ...@@ -403,7 +403,7 @@ int ip_queue_xmit(struct sk_buff *skb, struct flowi *fl)
ip_options_build(skb, &inet_opt->opt, inet->inet_daddr, rt, 0); ip_options_build(skb, &inet_opt->opt, inet->inet_daddr, rt, 0);
} }
ip_select_ident_more(iph, &rt->dst, sk, ip_select_ident_more(skb, &rt->dst, sk,
(skb_shinfo(skb)->gso_segs ?: 1) - 1); (skb_shinfo(skb)->gso_segs ?: 1) - 1);
skb->priority = sk->sk_priority; skb->priority = sk->sk_priority;
...@@ -1347,7 +1347,7 @@ struct sk_buff *__ip_make_skb(struct sock *sk, ...@@ -1347,7 +1347,7 @@ struct sk_buff *__ip_make_skb(struct sock *sk,
iph->ihl = 5; iph->ihl = 5;
iph->tos = inet->tos; iph->tos = inet->tos;
iph->frag_off = df; iph->frag_off = df;
ip_select_ident(iph, &rt->dst, sk); ip_select_ident(skb, &rt->dst, sk);
iph->ttl = ttl; iph->ttl = ttl;
iph->protocol = sk->sk_protocol; iph->protocol = sk->sk_protocol;
ip_copy_addrs(iph, fl4); ip_copy_addrs(iph, fl4);
......
...@@ -1573,7 +1573,7 @@ static void ip_encap(struct sk_buff *skb, __be32 saddr, __be32 daddr) ...@@ -1573,7 +1573,7 @@ static void ip_encap(struct sk_buff *skb, __be32 saddr, __be32 daddr)
iph->protocol = IPPROTO_IPIP; iph->protocol = IPPROTO_IPIP;
iph->ihl = 5; iph->ihl = 5;
iph->tot_len = htons(skb->len); iph->tot_len = htons(skb->len);
ip_select_ident(iph, skb_dst(skb), NULL); ip_select_ident(skb, skb_dst(skb), NULL);
ip_send_check(iph); ip_send_check(iph);
memset(&(IPCB(skb)->opt), 0, sizeof(IPCB(skb)->opt)); memset(&(IPCB(skb)->opt), 0, sizeof(IPCB(skb)->opt));
......
...@@ -384,7 +384,7 @@ static int raw_send_hdrinc(struct sock *sk, struct flowi4 *fl4, ...@@ -384,7 +384,7 @@ static int raw_send_hdrinc(struct sock *sk, struct flowi4 *fl4,
iph->check = 0; iph->check = 0;
iph->tot_len = htons(length); iph->tot_len = htons(length);
if (!iph->id) if (!iph->id)
ip_select_ident(iph, &rt->dst, NULL); ip_select_ident(skb, &rt->dst, NULL);
iph->check = ip_fast_csum((unsigned char *)iph, iph->ihl); iph->check = ip_fast_csum((unsigned char *)iph, iph->ihl);
} }
......
...@@ -54,7 +54,7 @@ static int xfrm4_mode_tunnel_output(struct xfrm_state *x, struct sk_buff *skb) ...@@ -54,7 +54,7 @@ static int xfrm4_mode_tunnel_output(struct xfrm_state *x, struct sk_buff *skb)
top_iph->frag_off = (flags & XFRM_STATE_NOPMTUDISC) ? top_iph->frag_off = (flags & XFRM_STATE_NOPMTUDISC) ?
0 : (XFRM_MODE_SKB_CB(skb)->frag_off & htons(IP_DF)); 0 : (XFRM_MODE_SKB_CB(skb)->frag_off & htons(IP_DF));
ip_select_ident(top_iph, dst->child, NULL); ip_select_ident(skb, dst->child, NULL);
top_iph->ttl = ip4_dst_hoplimit(dst->child); top_iph->ttl = ip4_dst_hoplimit(dst->child);
......
...@@ -853,7 +853,7 @@ ip_vs_tunnel_xmit(struct sk_buff *skb, struct ip_vs_conn *cp, ...@@ -853,7 +853,7 @@ ip_vs_tunnel_xmit(struct sk_buff *skb, struct ip_vs_conn *cp,
iph->daddr = cp->daddr.ip; iph->daddr = cp->daddr.ip;
iph->saddr = saddr; iph->saddr = saddr;
iph->ttl = old_iph->ttl; iph->ttl = old_iph->ttl;
ip_select_ident(iph, &rt->dst, NULL); ip_select_ident(skb, &rt->dst, NULL);
/* Another hack: avoid icmp_send in ip_fragment */ /* Another hack: avoid icmp_send in ip_fragment */
skb->local_df = 1; skb->local_df = 1;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment