Commit 5a352dd0 authored by Hannes Frederic Sowa's avatar Hannes Frederic Sowa Committed by David S. Miller

ipv6: hash net ptr into fragmentation bucket selection

As namespaces are sometimes used with overlapping ip address ranges,
we should also use the namespace as input to the hash to select the ip
fragmentation counter bucket.

Cc: Eric Dumazet <edumazet@google.com>
Cc: Flavio Leitner <fbl@redhat.com>
Signed-off-by: default avatarHannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent b6a7719a
...@@ -671,8 +671,9 @@ static inline int ipv6_addr_diff(const struct in6_addr *a1, const struct in6_add ...@@ -671,8 +671,9 @@ static inline int ipv6_addr_diff(const struct in6_addr *a1, const struct in6_add
return __ipv6_addr_diff(a1, a2, sizeof(struct in6_addr)); return __ipv6_addr_diff(a1, a2, sizeof(struct in6_addr));
} }
void ipv6_select_ident(struct frag_hdr *fhdr, struct rt6_info *rt); void ipv6_select_ident(struct net *net, struct frag_hdr *fhdr,
void ipv6_proxy_select_ident(struct sk_buff *skb); struct rt6_info *rt);
void ipv6_proxy_select_ident(struct net *net, struct sk_buff *skb);
int ip6_dst_hoplimit(struct dst_entry *dst); int ip6_dst_hoplimit(struct dst_entry *dst);
......
...@@ -628,7 +628,7 @@ int ip6_fragment(struct sk_buff *skb, int (*output)(struct sk_buff *)) ...@@ -628,7 +628,7 @@ int ip6_fragment(struct sk_buff *skb, int (*output)(struct sk_buff *))
skb_reset_network_header(skb); skb_reset_network_header(skb);
memcpy(skb_network_header(skb), tmp_hdr, hlen); memcpy(skb_network_header(skb), tmp_hdr, hlen);
ipv6_select_ident(fh, rt); ipv6_select_ident(net, fh, rt);
fh->nexthdr = nexthdr; fh->nexthdr = nexthdr;
fh->reserved = 0; fh->reserved = 0;
fh->frag_off = htons(IP6_MF); fh->frag_off = htons(IP6_MF);
...@@ -775,7 +775,7 @@ int ip6_fragment(struct sk_buff *skb, int (*output)(struct sk_buff *)) ...@@ -775,7 +775,7 @@ int ip6_fragment(struct sk_buff *skb, int (*output)(struct sk_buff *))
fh->nexthdr = nexthdr; fh->nexthdr = nexthdr;
fh->reserved = 0; fh->reserved = 0;
if (!frag_id) { if (!frag_id) {
ipv6_select_ident(fh, rt); ipv6_select_ident(net, fh, rt);
frag_id = fh->identification; frag_id = fh->identification;
} else } else
fh->identification = frag_id; fh->identification = frag_id;
...@@ -1079,7 +1079,7 @@ static inline int ip6_ufo_append_data(struct sock *sk, ...@@ -1079,7 +1079,7 @@ static inline int ip6_ufo_append_data(struct sock *sk,
skb_shinfo(skb)->gso_size = (mtu - fragheaderlen - skb_shinfo(skb)->gso_size = (mtu - fragheaderlen -
sizeof(struct frag_hdr)) & ~7; sizeof(struct frag_hdr)) & ~7;
skb_shinfo(skb)->gso_type = SKB_GSO_UDP; skb_shinfo(skb)->gso_type = SKB_GSO_UDP;
ipv6_select_ident(&fhdr, rt); ipv6_select_ident(sock_net(sk), &fhdr, rt);
skb_shinfo(skb)->ip6_frag_id = fhdr.identification; skb_shinfo(skb)->ip6_frag_id = fhdr.identification;
append: append:
......
...@@ -9,13 +9,14 @@ ...@@ -9,13 +9,14 @@
#include <net/addrconf.h> #include <net/addrconf.h>
#include <net/secure_seq.h> #include <net/secure_seq.h>
static u32 __ipv6_select_ident(u32 hashrnd, struct in6_addr *dst, static u32 __ipv6_select_ident(struct net *net, u32 hashrnd,
struct in6_addr *src) struct in6_addr *dst, struct in6_addr *src)
{ {
u32 hash, id; u32 hash, id;
hash = __ipv6_addr_jhash(dst, hashrnd); hash = __ipv6_addr_jhash(dst, hashrnd);
hash = __ipv6_addr_jhash(src, hash); hash = __ipv6_addr_jhash(src, hash);
hash ^= net_hash_mix(net);
/* Treat id of 0 as unset and if we get 0 back from ip_idents_reserve, /* Treat id of 0 as unset and if we get 0 back from ip_idents_reserve,
* set the hight order instead thus minimizing possible future * set the hight order instead thus minimizing possible future
...@@ -36,7 +37,7 @@ static u32 __ipv6_select_ident(u32 hashrnd, struct in6_addr *dst, ...@@ -36,7 +37,7 @@ static u32 __ipv6_select_ident(u32 hashrnd, struct in6_addr *dst,
* *
* The network header must be set before calling this. * The network header must be set before calling this.
*/ */
void ipv6_proxy_select_ident(struct sk_buff *skb) void ipv6_proxy_select_ident(struct net *net, struct sk_buff *skb)
{ {
static u32 ip6_proxy_idents_hashrnd __read_mostly; static u32 ip6_proxy_idents_hashrnd __read_mostly;
struct in6_addr buf[2]; struct in6_addr buf[2];
...@@ -53,20 +54,21 @@ void ipv6_proxy_select_ident(struct sk_buff *skb) ...@@ -53,20 +54,21 @@ void ipv6_proxy_select_ident(struct sk_buff *skb)
net_get_random_once(&ip6_proxy_idents_hashrnd, net_get_random_once(&ip6_proxy_idents_hashrnd,
sizeof(ip6_proxy_idents_hashrnd)); sizeof(ip6_proxy_idents_hashrnd));
id = __ipv6_select_ident(ip6_proxy_idents_hashrnd, id = __ipv6_select_ident(net, ip6_proxy_idents_hashrnd,
&addrs[1], &addrs[0]); &addrs[1], &addrs[0]);
skb_shinfo(skb)->ip6_frag_id = htonl(id); skb_shinfo(skb)->ip6_frag_id = htonl(id);
} }
EXPORT_SYMBOL_GPL(ipv6_proxy_select_ident); EXPORT_SYMBOL_GPL(ipv6_proxy_select_ident);
void ipv6_select_ident(struct frag_hdr *fhdr, struct rt6_info *rt) void ipv6_select_ident(struct net *net, struct frag_hdr *fhdr,
struct rt6_info *rt)
{ {
static u32 ip6_idents_hashrnd __read_mostly; static u32 ip6_idents_hashrnd __read_mostly;
u32 id; u32 id;
net_get_random_once(&ip6_idents_hashrnd, sizeof(ip6_idents_hashrnd)); net_get_random_once(&ip6_idents_hashrnd, sizeof(ip6_idents_hashrnd));
id = __ipv6_select_ident(ip6_idents_hashrnd, &rt->rt6i_dst.addr, id = __ipv6_select_ident(net, ip6_idents_hashrnd, &rt->rt6i_dst.addr,
&rt->rt6i_src.addr); &rt->rt6i_src.addr);
fhdr->identification = htonl(id); fhdr->identification = htonl(id);
} }
......
...@@ -54,7 +54,7 @@ static struct sk_buff *udp6_ufo_fragment(struct sk_buff *skb, ...@@ -54,7 +54,7 @@ static struct sk_buff *udp6_ufo_fragment(struct sk_buff *skb,
/* Set the IPv6 fragment id if not set yet */ /* Set the IPv6 fragment id if not set yet */
if (!skb_shinfo(skb)->ip6_frag_id) if (!skb_shinfo(skb)->ip6_frag_id)
ipv6_proxy_select_ident(skb); ipv6_proxy_select_ident(dev_net(skb->dev), skb);
segs = NULL; segs = NULL;
goto out; goto out;
...@@ -113,7 +113,7 @@ static struct sk_buff *udp6_ufo_fragment(struct sk_buff *skb, ...@@ -113,7 +113,7 @@ static struct sk_buff *udp6_ufo_fragment(struct sk_buff *skb,
fptr->nexthdr = nexthdr; fptr->nexthdr = nexthdr;
fptr->reserved = 0; fptr->reserved = 0;
if (!skb_shinfo(skb)->ip6_frag_id) if (!skb_shinfo(skb)->ip6_frag_id)
ipv6_proxy_select_ident(skb); ipv6_proxy_select_ident(dev_net(skb->dev), skb);
fptr->identification = skb_shinfo(skb)->ip6_frag_id; fptr->identification = skb_shinfo(skb)->ip6_frag_id;
/* Fragment the skb. ipv6 header and the remaining fields of the /* Fragment the skb. ipv6 header and the remaining fields of the
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment