www.infradead.org Git - users/jedix/linux-maple.git/commit
tunnel: Clear IPCB(skb)->opt before dst_link_failure called
author Bernie Harris <bernie.harris@alliedtelesis.co.nz>
Sun, 21 Feb 2016 23:58:05 +0000 (12:58 +1300)
committer Dhaval Giani <dhaval.giani@oracle.com>
Fri, 20 Jan 2017 22:21:59 +0000 (17:21 -0500)
commit 11d9941d7aab189f800e0d115951d8679eaf3672
tree 5e1dce141e325aa0848054a603a38d1468f4f079
parent f1e1f87ddcf749f954063208850c5ebf0216d65d
tunnel: Clear IPCB(skb)->opt before dst_link_failure called

Orabug: 25308044

[ Upstream commit 5146d1f151122e868e594c7b45115d64825aee5f ]

IPCB may contain data from previous layers (in the observed case the
qdisc layer). In the observed scenario, the data was misinterpreted as
ip header options, which later caused the ihl to be set to an invalid
value (<5). This resulted in an infinite loop in the mips implementation
of ip_fast_csum.

This patch clears IPCB(skb)->opt before dst_link_failure can be called for
various types of tunnels. This change only applies to encapsulated ipv4
packets.

The code introduced in 11c21a30 which clears all of IPCB has been removed
to be consistent with these changes, and instead the opt field is cleared
unconditionally in ip_tunnel_xmit. The change in ip_tunnel_xmit applies to
SIT, GRE, and IPIP tunnels.

The relevant vti, l2tp, and pptp functions already contain similar code for
clearing the IPCB.

Signed-off-by: Bernie Harris <bernie.harris@alliedtelesis.co.nz>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
(cherry picked from commit ea82b38fce682e4277cb20f385b3cebbb91cd1e5)
Signed-off-by: Dhaval Giani <dhaval.giani@oracle.com>
net/ipv4/ip_tunnel.c
net/ipv4/udp_tunnel.c
net/ipv6/ip6_gre.c
net/ipv6/ip6_tunnel.c
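
The failure mode the commit message describes, as an added example that is not code from this commit or from the kernel: a userspace model in which bytes an earlier layer left in the shared control block are read as IP options, and clearing the opt field restores a valid header length. The `*_model` types, the sample bytes and the IHL arithmetic are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified userspace model: the *_model types are hypothetical stand-ins. */
struct ip_options_model { uint32_t faddr, nexthop; uint8_t optlen, srr, rr, ts; };
struct inet_skb_parm_model { int32_t iif; struct ip_options_model opt; uint16_t flags; };
struct qdisc_cb_model { uint32_t pkt_len; uint8_t data[20]; };

/* skb->cb is one scratch area; each layer reinterprets it as its own type
 * (qdisc = an earlier layer's view, ipcb = the IPv4 view, i.e. IPCB(skb)). */
struct skb_model {
    union { unsigned char cb[48]; struct qdisc_cb_model qdisc; struct inet_skb_parm_model ipcb; } u;
};

/* Earlier layer leaves its private data behind (constructed sample bytes). */
static void qdisc_layer_writes(struct skb_model *skb)
{
    skb->u.qdisc.pkt_len = 1500;
    memset(skb->u.qdisc.data, 0xff, sizeof(skb->u.qdisc.data));
}

/* The fix described in the commit message: clear only the opt field. */
static void tunnel_clear_opt(struct skb_model *skb)
{
    memset(&skb->u.ipcb.opt, 0, sizeof(skb->u.ipcb.opt));
}

/* Assumed arithmetic: IHL is a 4-bit word count, 5 fixed words plus option words. */
static unsigned ihl_from_ipcb(const struct skb_model *skb)
{
    return (5u + (skb->u.ipcb.opt.optlen >> 2)) & 0xfu;
}

/* IHL derived from the control block, with or without the clearing step. */
unsigned simulate(int clear_opt)
{
    struct skb_model skb = { .u = { .cb = {0} } };
    qdisc_layer_writes(&skb);
    if (clear_opt)
        tunnel_clear_opt(&skb);
    return ihl_from_ipcb(&skb);
}

int main(void)
{
    printf("stale cb: ihl=%u, opt cleared: ihl=%u\n", simulate(0), simulate(1));
    return 0;
}
```

In this model the stale bytes give an optlen of 0xff, so the 4-bit header length wraps below the 5-word minimum; any code that walks the header by IHL should reject such a value before using it as a loop bound.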