Commit 012d69fb authored by Eyal Birger's avatar Eyal Birger Committed by David S. Miller

vrf: fix packet sniffing for traffic originating from ip tunnels

in commit 04893908
("vrf: add mac header for tunneled packets when sniffer is attached")
an Ethernet header was cooked for traffic originating from tunnel devices.

However, the header is added based on whether the mac_header is unset
and ignores cases where the device doesn't expose a mac header to upper
layers, such as in ip tunnels like ipip and gre.

Traffic originating from such devices still appears garbled when capturing
on the vrf device.

Fix by observing whether the original device exposes a header to upper
layers, similar to the logic done in af_packet.

In addition, skb->mac_len needs to be adjusted after adding the Ethernet
header for the skb_push/pull() surrounding dev_queue_xmit_nit() to work
on these packets.

Fixes: 04893908 ("vrf: add mac header for tunneled packets when sniffer is attached")
Signed-off-by: default avatarEyal Birger <eyal.birger@gmail.com>
Reviewed-by: default avatarDavid Ahern <dsahern@kernel.org>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 9381fe8c
...@@ -1265,6 +1265,7 @@ static int vrf_prepare_mac_header(struct sk_buff *skb, ...@@ -1265,6 +1265,7 @@ static int vrf_prepare_mac_header(struct sk_buff *skb,
eth = (struct ethhdr *)skb->data; eth = (struct ethhdr *)skb->data;
skb_reset_mac_header(skb); skb_reset_mac_header(skb);
skb_reset_mac_len(skb);
/* we set the ethernet destination and the source addresses to the /* we set the ethernet destination and the source addresses to the
* address of the VRF device. * address of the VRF device.
...@@ -1294,9 +1295,9 @@ static int vrf_prepare_mac_header(struct sk_buff *skb, ...@@ -1294,9 +1295,9 @@ static int vrf_prepare_mac_header(struct sk_buff *skb,
*/ */
static int vrf_add_mac_header_if_unset(struct sk_buff *skb, static int vrf_add_mac_header_if_unset(struct sk_buff *skb,
struct net_device *vrf_dev, struct net_device *vrf_dev,
u16 proto) u16 proto, struct net_device *orig_dev)
{ {
if (skb_mac_header_was_set(skb)) if (skb_mac_header_was_set(skb) && dev_has_header(orig_dev))
return 0; return 0;
return vrf_prepare_mac_header(skb, vrf_dev, proto); return vrf_prepare_mac_header(skb, vrf_dev, proto);
...@@ -1402,6 +1403,8 @@ static struct sk_buff *vrf_ip6_rcv(struct net_device *vrf_dev, ...@@ -1402,6 +1403,8 @@ static struct sk_buff *vrf_ip6_rcv(struct net_device *vrf_dev,
/* if packet is NDISC then keep the ingress interface */ /* if packet is NDISC then keep the ingress interface */
if (!is_ndisc) { if (!is_ndisc) {
struct net_device *orig_dev = skb->dev;
vrf_rx_stats(vrf_dev, skb->len); vrf_rx_stats(vrf_dev, skb->len);
skb->dev = vrf_dev; skb->dev = vrf_dev;
skb->skb_iif = vrf_dev->ifindex; skb->skb_iif = vrf_dev->ifindex;
...@@ -1410,7 +1413,8 @@ static struct sk_buff *vrf_ip6_rcv(struct net_device *vrf_dev, ...@@ -1410,7 +1413,8 @@ static struct sk_buff *vrf_ip6_rcv(struct net_device *vrf_dev,
int err; int err;
err = vrf_add_mac_header_if_unset(skb, vrf_dev, err = vrf_add_mac_header_if_unset(skb, vrf_dev,
ETH_P_IPV6); ETH_P_IPV6,
orig_dev);
if (likely(!err)) { if (likely(!err)) {
skb_push(skb, skb->mac_len); skb_push(skb, skb->mac_len);
dev_queue_xmit_nit(skb, vrf_dev); dev_queue_xmit_nit(skb, vrf_dev);
...@@ -1440,6 +1444,8 @@ static struct sk_buff *vrf_ip6_rcv(struct net_device *vrf_dev, ...@@ -1440,6 +1444,8 @@ static struct sk_buff *vrf_ip6_rcv(struct net_device *vrf_dev,
static struct sk_buff *vrf_ip_rcv(struct net_device *vrf_dev, static struct sk_buff *vrf_ip_rcv(struct net_device *vrf_dev,
struct sk_buff *skb) struct sk_buff *skb)
{ {
struct net_device *orig_dev = skb->dev;
skb->dev = vrf_dev; skb->dev = vrf_dev;
skb->skb_iif = vrf_dev->ifindex; skb->skb_iif = vrf_dev->ifindex;
IPCB(skb)->flags |= IPSKB_L3SLAVE; IPCB(skb)->flags |= IPSKB_L3SLAVE;
...@@ -1460,7 +1466,8 @@ static struct sk_buff *vrf_ip_rcv(struct net_device *vrf_dev, ...@@ -1460,7 +1466,8 @@ static struct sk_buff *vrf_ip_rcv(struct net_device *vrf_dev,
if (!list_empty(&vrf_dev->ptype_all)) { if (!list_empty(&vrf_dev->ptype_all)) {
int err; int err;
err = vrf_add_mac_header_if_unset(skb, vrf_dev, ETH_P_IP); err = vrf_add_mac_header_if_unset(skb, vrf_dev, ETH_P_IP,
orig_dev);
if (likely(!err)) { if (likely(!err)) {
skb_push(skb, skb->mac_len); skb_push(skb, skb->mac_len);
dev_queue_xmit_nit(skb, vrf_dev); dev_queue_xmit_nit(skb, vrf_dev);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment