Commit 118d5234 authored by Robert Shearman's avatar Robert Shearman Committed by David S. Miller

mpls: Enforce payload type of traffic sent using explicit NULL

RFC 4182 s2 states that if an IPv4 Explicit NULL label is the only
label on the stack, then after popping the resulting packet must be
treated as a IPv4 packet and forwarded based on the IPv4 header. The
same is true for IPv6 Explicit NULL with an IPv6 packet following.

Therefore, when installing the IPv4/IPv6 Explicit NULL label routes,
add an attribute that specifies the expected payload type for use at
forwarding time for determining the type of the encapsulated packet
instead of inspecting the first nibble of the packet.
Signed-off-by: default avatarRobert Shearman <rshearma@brocade.com>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent d74a790d
...@@ -27,11 +27,23 @@ ...@@ -27,11 +27,23 @@
/* This maximum ha length copied from the definition of struct neighbour */ /* This maximum ha length copied from the definition of struct neighbour */
#define MAX_VIA_ALEN (ALIGN(MAX_ADDR_LEN, sizeof(unsigned long))) #define MAX_VIA_ALEN (ALIGN(MAX_ADDR_LEN, sizeof(unsigned long)))
enum mpls_payload_type {
MPT_UNSPEC, /* IPv4 or IPv6 */
MPT_IPV4 = 4,
MPT_IPV6 = 6,
/* Other types not implemented:
* - Pseudo-wire with or without control word (RFC4385)
* - GAL (RFC5586)
*/
};
struct mpls_route { /* next hop label forwarding entry */ struct mpls_route { /* next hop label forwarding entry */
struct net_device __rcu *rt_dev; struct net_device __rcu *rt_dev;
struct rcu_head rt_rcu; struct rcu_head rt_rcu;
u32 rt_label[MAX_NEW_LABELS]; u32 rt_label[MAX_NEW_LABELS];
u8 rt_protocol; /* routing protocol that set this entry */ u8 rt_protocol; /* routing protocol that set this entry */
u8 rt_payload_type;
u8 rt_labels; u8 rt_labels;
u8 rt_via_alen; u8 rt_via_alen;
u8 rt_via_table; u8 rt_via_table;
...@@ -96,16 +108,8 @@ EXPORT_SYMBOL_GPL(mpls_pkt_too_big); ...@@ -96,16 +108,8 @@ EXPORT_SYMBOL_GPL(mpls_pkt_too_big);
static bool mpls_egress(struct mpls_route *rt, struct sk_buff *skb, static bool mpls_egress(struct mpls_route *rt, struct sk_buff *skb,
struct mpls_entry_decoded dec) struct mpls_entry_decoded dec)
{ {
/* RFC4385 and RFC5586 encode other packets in mpls such that enum mpls_payload_type payload_type;
* they don't conflict with the ip version number, making bool success = false;
* decoding by examining the ip version correct in everything
* except for the strangest cases.
*
* The strange cases if we choose to support them will require
* manual configuration.
*/
struct iphdr *hdr4;
bool success = true;
/* The IPv4 code below accesses through the IPv4 header /* The IPv4 code below accesses through the IPv4 header
* checksum, which is 12 bytes into the packet. * checksum, which is 12 bytes into the packet.
...@@ -120,23 +124,32 @@ static bool mpls_egress(struct mpls_route *rt, struct sk_buff *skb, ...@@ -120,23 +124,32 @@ static bool mpls_egress(struct mpls_route *rt, struct sk_buff *skb,
if (!pskb_may_pull(skb, 12)) if (!pskb_may_pull(skb, 12))
return false; return false;
/* Use ip_hdr to find the ip protocol version */ payload_type = rt->rt_payload_type;
hdr4 = ip_hdr(skb); if (payload_type == MPT_UNSPEC)
if (hdr4->version == 4) { payload_type = ip_hdr(skb)->version;
switch (payload_type) {
case MPT_IPV4: {
struct iphdr *hdr4 = ip_hdr(skb);
skb->protocol = htons(ETH_P_IP); skb->protocol = htons(ETH_P_IP);
csum_replace2(&hdr4->check, csum_replace2(&hdr4->check,
htons(hdr4->ttl << 8), htons(hdr4->ttl << 8),
htons(dec.ttl << 8)); htons(dec.ttl << 8));
hdr4->ttl = dec.ttl; hdr4->ttl = dec.ttl;
success = true;
break;
} }
else if (hdr4->version == 6) { case MPT_IPV6: {
struct ipv6hdr *hdr6 = ipv6_hdr(skb); struct ipv6hdr *hdr6 = ipv6_hdr(skb);
skb->protocol = htons(ETH_P_IPV6); skb->protocol = htons(ETH_P_IPV6);
hdr6->hop_limit = dec.ttl; hdr6->hop_limit = dec.ttl;
success = true;
break;
} }
else case MPT_UNSPEC:
/* version 0 and version 1 are used by pseudo wires */ break;
success = false; }
return success; return success;
} }
...@@ -264,6 +277,7 @@ struct mpls_route_config { ...@@ -264,6 +277,7 @@ struct mpls_route_config {
u32 rc_output_labels; u32 rc_output_labels;
u32 rc_output_label[MAX_NEW_LABELS]; u32 rc_output_label[MAX_NEW_LABELS];
u32 rc_nlflags; u32 rc_nlflags;
enum mpls_payload_type rc_payload_type;
struct nl_info rc_nlinfo; struct nl_info rc_nlinfo;
}; };
...@@ -493,6 +507,7 @@ static int mpls_route_add(struct mpls_route_config *cfg) ...@@ -493,6 +507,7 @@ static int mpls_route_add(struct mpls_route_config *cfg)
rt->rt_label[i] = cfg->rc_output_label[i]; rt->rt_label[i] = cfg->rc_output_label[i];
rt->rt_protocol = cfg->rc_protocol; rt->rt_protocol = cfg->rc_protocol;
RCU_INIT_POINTER(rt->rt_dev, dev); RCU_INIT_POINTER(rt->rt_dev, dev);
rt->rt_payload_type = cfg->rc_payload_type;
rt->rt_via_table = cfg->rc_via_table; rt->rt_via_table = cfg->rc_via_table;
memcpy(rt->rt_via, cfg->rc_via, cfg->rc_via_alen); memcpy(rt->rt_via, cfg->rc_via, cfg->rc_via_alen);
...@@ -1047,6 +1062,7 @@ static int resize_platform_label_table(struct net *net, size_t limit) ...@@ -1047,6 +1062,7 @@ static int resize_platform_label_table(struct net *net, size_t limit)
goto nort0; goto nort0;
RCU_INIT_POINTER(rt0->rt_dev, lo); RCU_INIT_POINTER(rt0->rt_dev, lo);
rt0->rt_protocol = RTPROT_KERNEL; rt0->rt_protocol = RTPROT_KERNEL;
rt0->rt_payload_type = MPT_IPV4;
rt0->rt_via_table = NEIGH_LINK_TABLE; rt0->rt_via_table = NEIGH_LINK_TABLE;
memcpy(rt0->rt_via, lo->dev_addr, lo->addr_len); memcpy(rt0->rt_via, lo->dev_addr, lo->addr_len);
} }
...@@ -1057,6 +1073,7 @@ static int resize_platform_label_table(struct net *net, size_t limit) ...@@ -1057,6 +1073,7 @@ static int resize_platform_label_table(struct net *net, size_t limit)
goto nort2; goto nort2;
RCU_INIT_POINTER(rt2->rt_dev, lo); RCU_INIT_POINTER(rt2->rt_dev, lo);
rt2->rt_protocol = RTPROT_KERNEL; rt2->rt_protocol = RTPROT_KERNEL;
rt2->rt_payload_type = MPT_IPV6;
rt2->rt_via_table = NEIGH_LINK_TABLE; rt2->rt_via_table = NEIGH_LINK_TABLE;
memcpy(rt2->rt_via, lo->dev_addr, lo->addr_len); memcpy(rt2->rt_via, lo->dev_addr, lo->addr_len);
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment