Commit b26bc377 authored by Mahesh Bandewar's avatar Mahesh Bandewar Committed by Kelsey Skunberg

ipvlan: don't deref eth hdr before checking it's set

BugLink: https://bugs.launchpad.net/bugs/1868629

[ Upstream commit ad819276 ]

IPvlan in L3 mode discards outbound multicast packets but performs
the check before ensuring the ether-header is set or not. This is
an error that Eric found through code browsing.

Fixes: 2ad7bf36 (“ipvlan: Initial check-in of the IPVLAN driver.”)
Signed-off-by: default avatarMahesh Bandewar <maheshb@google.com>
Reported-by: default avatarEric Dumazet <edumazet@google.com>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: default avatarKhalid Elmously <khalid.elmously@canonical.com>
Signed-off-by: default avatarKelsey Skunberg <kelsey.skunberg@canonical.com>
parent 4f38b4e0
...@@ -430,19 +430,21 @@ static int ipvlan_process_outbound(struct sk_buff *skb, ...@@ -430,19 +430,21 @@ static int ipvlan_process_outbound(struct sk_buff *skb,
struct ethhdr *ethh = eth_hdr(skb); struct ethhdr *ethh = eth_hdr(skb);
int ret = NET_XMIT_DROP; int ret = NET_XMIT_DROP;
/* In this mode we dont care about multicast and broadcast traffic */ /* The ipvlan is a pseudo-L2 device, so the packets that we receive
* will have L2; which need to discarded and processed further
* in the net-ns of the main-device.
*/
if (skb_mac_header_was_set(skb)) {
/* In this mode we dont care about
* multicast and broadcast traffic */
if (is_multicast_ether_addr(ethh->h_dest)) { if (is_multicast_ether_addr(ethh->h_dest)) {
pr_debug_ratelimited("Dropped {multi|broad}cast of type=[%x]\n", pr_debug_ratelimited(
"Dropped {multi|broad}cast of type=[%x]\n",
ntohs(skb->protocol)); ntohs(skb->protocol));
kfree_skb(skb); kfree_skb(skb);
goto out; goto out;
} }
/* The ipvlan is a pseudo-L2 device, so the packets that we receive
* will have L2; which need to discarded and processed further
* in the net-ns of the main-device.
*/
if (skb_mac_header_was_set(skb)) {
skb_pull(skb, sizeof(*ethh)); skb_pull(skb, sizeof(*ethh));
skb->mac_header = (typeof(skb->mac_header))~0U; skb->mac_header = (typeof(skb->mac_header))~0U;
skb_reset_network_header(skb); skb_reset_network_header(skb);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment