18 Dec, 2019

1 commit

  • [ Upstream commit 6c8991f41546c3c472503dff1ea9daaddf9331c2 ]

    ipv6_stub uses the ip6_dst_lookup function to allow other modules to
    perform IPv6 lookups. However, this function skips the XFRM layer
    entirely.

    All users of ipv6_stub->ip6_dst_lookup use ip_route_output_flow (via the
    ip_route_output_key and ip_route_output helpers) for their IPv4 lookups,
    which calls xfrm_lookup_route(). This patch fixes this inconsistent
    behavior by switching the stub to ip6_dst_lookup_flow, which also calls
    xfrm_lookup_route().

    This requires some changes in all the callers, as these two functions
    take different arguments and have different return types.

    Fixes: 5f81bd2e5d80 ("ipv6: export a stub for IPv6 symbols used by vxlan")
    Reported-by: Xiumei Mu
    Signed-off-by: Sabrina Dubroca
    Signed-off-by: David S. Miller
    Signed-off-by: Greg Kroah-Hartman

    Sabrina Dubroca
     

08 Jul, 2019

1 commit

  • For the places that are protected by rcu_read_lock, we change from
    rcu_dereference_rtnl to rcu_dereference, as there is no need to
    check if rtnl lock is held.

    For the places that are protected by rtnl_lock, we change from
    rcu_dereference_rtnl to rtnl_dereference/rcu_dereference_protected,
    as no extra memory barriers are needed under rtnl_lock() which also
    protects tn->bearer_list[] and dev->tipc_ptr/b->media_ptr updating.

    rcu_dereference_rtnl will be only used in the places where it could
    be under rcu_read_lock or rtnl_lock.

    Signed-off-by: Xin Long
    Signed-off-by: David S. Miller

    Xin Long
     

03 Jul, 2019

1 commit

  • Both tipc_udp_enable and tipc_udp_disable are called under rtnl_lock,
    ub->ubsock could never be NULL in tipc_udp_disable and cleanup_bearer,
    so remove the check.

    Also remove the one in tipc_udp_enable by adding "free" label.

    Signed-off-by: Xin Long
    Signed-off-by: David S. Miller

    Xin Long
     

28 Jun, 2019

1 commit

  • As other udp/ip tunnels do, tipc udp media should also have a
    lockless dst_cache supported on its tx path.

    Here we add dst_cache into udp_replicast to support dst cache
    for both rmcast and rcast, and rmcast uses ub->rcast and each
    rcast uses its own node in ub->rcast.list.

    Signed-off-by: Xin Long
    Acked-by: Jon Maloy
    Signed-off-by: David S. Miller

    Xin Long
     

19 Jun, 2019

1 commit

  • udp_tunnel(6)_xmit_skb() called by tipc_udp_xmit() expects a tunnel device
    to count packets on dev->tstats, a percpu variable. However, TIPC is using
    udp tunnel with no tunnel device, and passes the lower dev, like veth device
    that only initializes dev->lstats (a percpu variable) when creating it.

    Later iptunnel_xmit_stats() called by ip(6)tunnel_xmit() thinks the dev as
    a tunnel device, and uses dev->tstats instead of dev->lstats. tstats' each
    pointer points to a bigger struct than lstats, so when tstats->tx_bytes is
    increased, other percpu variable's members could be overwritten.

    syzbot has reported quite a few crashes due to fib_nh_common percpu member
    'nhc_pcpu_rth_output' overwritten, call traces are like:

    BUG: KASAN: slab-out-of-bounds in rt_cache_valid+0x158/0x190
    net/ipv4/route.c:1556
    rt_cache_valid+0x158/0x190 net/ipv4/route.c:1556
    __mkroute_output net/ipv4/route.c:2332 [inline]
    ip_route_output_key_hash_rcu+0x819/0x2d50 net/ipv4/route.c:2564
    ip_route_output_key_hash+0x1ef/0x360 net/ipv4/route.c:2393
    __ip_route_output_key include/net/route.h:125 [inline]
    ip_route_output_flow+0x28/0xc0 net/ipv4/route.c:2651
    ip_route_output_key include/net/route.h:135 [inline]
    ...

    or:

    kasan: GPF could be caused by NULL-ptr deref or user memory access
    RIP: 0010:dst_dev_put+0x24/0x290 net/core/dst.c:168

    rt_fibinfo_free_cpus net/ipv4/fib_semantics.c:200 [inline]
    free_fib_info_rcu+0x2e1/0x490 net/ipv4/fib_semantics.c:217
    __rcu_reclaim kernel/rcu/rcu.h:240 [inline]
    rcu_do_batch kernel/rcu/tree.c:2437 [inline]
    invoke_rcu_callbacks kernel/rcu/tree.c:2716 [inline]
    rcu_process_callbacks+0x100a/0x1ac0 kernel/rcu/tree.c:2697
    ...

    The issue exists since tunnel stats update is moved to iptunnel_xmit by
    Commit 039f50629b7f ("ip_tunnel: Move stats update to iptunnel_xmit()"),
    and here to fix it by passing a NULL tunnel dev to udp_tunnel(6)_xmit_skb
    so that the packets counting won't happen on dev->tstats.

    Reported-by: syzbot+9d4c12bfd45a58738d0a@syzkaller.appspotmail.com
    Reported-by: syzbot+a9e23ea2aa21044c2798@syzkaller.appspotmail.com
    Reported-by: syzbot+c4c4b2bb358bb936ad7e@syzkaller.appspotmail.com
    Reported-by: syzbot+0290d2290a607e035ba1@syzkaller.appspotmail.com
    Reported-by: syzbot+a43d8d4e7e8a7a9e149e@syzkaller.appspotmail.com
    Reported-by: syzbot+a47c5f4c6c00fc1ed16e@syzkaller.appspotmail.com
    Fixes: 039f50629b7f ("ip_tunnel: Move stats update to iptunnel_xmit()")
    Signed-off-by: Xin Long
    Signed-off-by: David S. Miller

    Xin Long
     

28 Apr, 2019

2 commits

  • We currently have two levels of strict validation:

    1) liberal (default)
    - undefined (type >= max) & NLA_UNSPEC attributes accepted
    - attribute length >= expected accepted
    - garbage at end of message accepted
    2) strict (opt-in)
    - NLA_UNSPEC attributes accepted
    - attribute length >= expected accepted

    Split out parsing strictness into four different options:
    * TRAILING - check that there's no trailing data after parsing
    attributes (in message or nested)
    * MAXTYPE - reject attrs > max known type
    * UNSPEC - reject attributes with NLA_UNSPEC policy entries
    * STRICT_ATTRS - strictly validate attribute size

    The default for future things should be *everything*.
    The current *_strict() is a combination of TRAILING and MAXTYPE,
    and is renamed to _deprecated_strict().
    The current regular parsing has none of this, and is renamed to
    *_parse_deprecated().

    Additionally it allows us to selectively set one of the new flags
    even on old policies. Notably, the UNSPEC flag could be useful in
    this case, since it can be arranged (by filling in the policy) to
    not be an incompatible userspace ABI change, but would then going
    forward prevent forgetting attribute entries. Similar can apply
    to the POLICY flag.

    We end up with the following renames:
    * nla_parse -> nla_parse_deprecated
    * nla_parse_strict -> nla_parse_deprecated_strict
    * nlmsg_parse -> nlmsg_parse_deprecated
    * nlmsg_parse_strict -> nlmsg_parse_deprecated_strict
    * nla_parse_nested -> nla_parse_nested_deprecated
    * nla_validate_nested -> nla_validate_nested_deprecated

    Using spatch, of course:
    @@
    expression TB, MAX, HEAD, LEN, POL, EXT;
    @@
    -nla_parse(TB, MAX, HEAD, LEN, POL, EXT)
    +nla_parse_deprecated(TB, MAX, HEAD, LEN, POL, EXT)

    @@
    expression NLH, HDRLEN, TB, MAX, POL, EXT;
    @@
    -nlmsg_parse(NLH, HDRLEN, TB, MAX, POL, EXT)
    +nlmsg_parse_deprecated(NLH, HDRLEN, TB, MAX, POL, EXT)

    @@
    expression NLH, HDRLEN, TB, MAX, POL, EXT;
    @@
    -nlmsg_parse_strict(NLH, HDRLEN, TB, MAX, POL, EXT)
    +nlmsg_parse_deprecated_strict(NLH, HDRLEN, TB, MAX, POL, EXT)

    @@
    expression TB, MAX, NLA, POL, EXT;
    @@
    -nla_parse_nested(TB, MAX, NLA, POL, EXT)
    +nla_parse_nested_deprecated(TB, MAX, NLA, POL, EXT)

    @@
    expression START, MAX, POL, EXT;
    @@
    -nla_validate_nested(START, MAX, POL, EXT)
    +nla_validate_nested_deprecated(START, MAX, POL, EXT)

    @@
    expression NLH, HDRLEN, MAX, POL, EXT;
    @@
    -nlmsg_validate(NLH, HDRLEN, MAX, POL, EXT)
    +nlmsg_validate_deprecated(NLH, HDRLEN, MAX, POL, EXT)
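
    Review bot: the rename list above and the semantic patch do not line up. This last rule renames nlmsg_validate, which is missing from the "We end up with the following renames" list, while nla_parse_strict -> nla_parse_deprecated_strict is in the list but has no rule here. Either add the missing rule and list entry, or say that those conversions were done by hand.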

    For this patch, don't actually add the strict, non-renamed versions
    yet so that it breaks compile if I get it wrong.

    Also, while at it, make nla_validate and nla_parse go down to a
    common __nla_validate_parse() function to avoid code duplication.

    Ultimately, this allows us to have very strict validation for every
    new caller of nla_parse()/nlmsg_parse() etc as re-introduced in the
    next patch, while existing things will continue to work as is.

    In effect then, this adds fully strict validation for any new command.

    Signed-off-by: Johannes Berg
    Signed-off-by: David S. Miller

    Johannes Berg
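
The four strictness options described in the commit message above, modelled as a small user-space validator. This is an added example, not kernel code and not part of the commit: the `CHK_*` and `POL_*` names, the `demo_*` functions, the host-byte-order attribute layout and the sample messages are all constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical names for the four options listed in the commit message. */
enum { CHK_TRAILING = 1, CHK_MAXTYPE = 2, CHK_UNSPEC = 4, CHK_STRICT_ATTRS = 8,
       CHK_ALL = 15 };
/* Demo policy kinds: no policy entry, or a fixed-size 4-byte integer. */
enum { POL_UNSPEC = 0, POL_U32 = 1 };

#define HDR 4u                       /* u16 length + u16 type, host byte order */
#define ALIGN4(n) (((n) + 3u) & ~3u)
#define DEMO_MAXTYPE 2u
static const int demo_policy[DEMO_MAXTYPE + 1] = { POL_UNSPEC, POL_U32, POL_UNSPEC };

/* Walk the attributes in buf; return 0 to accept, -1 to reject. */
static int demo_validate(const uint8_t *buf, size_t len, unsigned flags)
{
    size_t off = 0;

    while (len - off >= HDR) {
        uint16_t alen, atype;

        memcpy(&alen, buf + off, 2);
        memcpy(&atype, buf + off + 2, 2);
        if (alen < HDR || alen > len - off)
            break;                   /* not an attribute: the rest is trailing data */
        if (atype > DEMO_MAXTYPE) {
            if (flags & CHK_MAXTYPE)
                return -1;
        } else if (demo_policy[atype] == POL_UNSPEC) {
            if (flags & CHK_UNSPEC)
                return -1;
        } else {                     /* POL_U32 */
            size_t payload = alen - HDR;

            if (payload < 4)
                return -1;           /* too short fails at every level in this demo */
            if (payload > 4 && (flags & CHK_STRICT_ATTRS))
                return -1;
        }
        off += ALIGN4(alen);
        if (off > len)
            off = len;
    }
    return (off < len && (flags & CHK_TRAILING)) ? -1 : 0;
}

/* Append one attribute with dlen constructed payload bytes; returns new offset. */
static size_t demo_put(uint8_t *buf, size_t off, uint16_t type, uint16_t dlen)
{
    uint16_t alen = (uint16_t)(HDR + dlen);

    memset(buf + off, 0x11, ALIGN4(alen));
    memcpy(buf + off, &alen, 2);
    memcpy(buf + off + 2, &type, 2);
    return off + ALIGN4(alen);
}

/* Build constructed message `which` (0 = clean, 1..4 = one defect) and validate. */
static int demo_check(int which, unsigned flags)
{
    uint8_t buf[64];
    size_t len;

    len = demo_put(buf, 0, 1, which == 4 ? 8 : 4);   /* 4: U32 with 8-byte payload */
    if (which == 1) { buf[len] = 0xff; buf[len + 1] = 0xff; len += 2; } /* garbage at end */
    if (which == 2) len = demo_put(buf, len, 7, 4);  /* type above DEMO_MAXTYPE */
    if (which == 3) len = demo_put(buf, len, 2, 4);  /* type with no policy entry */
    return demo_validate(buf, len, flags);
}

int main(void)
{
    static const char *name[] = { "clean", "trailing", "maxtype", "unspec", "oversize" };
    unsigned old_strict = CHK_TRAILING | CHK_MAXTYPE;  /* the old *_strict() mix */

    for (int i = 0; i < 5; i++)
        printf("%-9s liberal=%d old-strict=%d all=%d\n", name[i],
               demo_check(i, 0), demo_check(i, old_strict), demo_check(i, CHK_ALL));
    return 0;
}
```

With no flags every sample is accepted; the old strict combination still lets the policy-less and oversized attributes through, and only the full set rejects all four defects.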
     
  • Even if the NLA_F_NESTED flag was introduced more than 11 years ago, most
    netlink based interfaces (including recently added ones) are still not
    setting it in kernel generated messages. Without the flag, message parsers
    not aware of attribute semantics (e.g. wireshark dissector or libmnl's
    mnl_nlmsg_fprintf()) cannot recognize nested attributes and won't display
    the structure of their contents.

    Unfortunately we cannot just add the flag everywhere as there may be
    userspace applications which check nlattr::nla_type directly rather than
    through a helper masking out the flags. Therefore the patch renames
    nla_nest_start() to nla_nest_start_noflag() and introduces nla_nest_start()
    as a wrapper adding NLA_F_NESTED. The calls which add NLA_F_NESTED manually
    are rewritten to use nla_nest_start().

    Except for changes in include/net/netlink.h, the patch was generated using
    this semantic patch:

    @@ expression E1, E2; @@
    -nla_nest_start(E1, E2)
    +nla_nest_start_noflag(E1, E2)

    @@ expression E1, E2; @@
    -nla_nest_start_noflag(E1, E2 | NLA_F_NESTED)
    +nla_nest_start(E1, E2)
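
    Review bot: the second rule matches nla_nest_start_noflag(E1, E2 | NLA_F_NESTED), a form that only exists after the first rule has rewritten the call, so the result depends on the two rules being applied in this order. A one-line remark saying so would help anyone re-running the script.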

    Signed-off-by: Michal Kubecek
    Acked-by: Jiri Pirko
    Acked-by: David Ahern
    Signed-off-by: David S. Miller

    Michal Kubecek
     

27 Apr, 2019

1 commit


25 Apr, 2019

1 commit

  • First thing tipc_udp_recv() does is to use rcu_dereference_sk_user_data(),
    and this is really hinting we already own rcu_read_lock() from the caller
    (UDP stack).

    No need to add another rcu_read_lock()/rcu_read_unlock() pair.

    Also use rcu_dereference() instead of rcu_dereference_rtnl()
    in the data path.

    Signed-off-by: Eric Dumazet
    Cc: Jon Maloy
    Cc: Ying Xue
    Signed-off-by: David S. Miller

    Eric Dumazet
     

30 Mar, 2019

1 commit

  • The number of stubs is growing and has nothing to do with addrconf.
    Move the definition of the stubs to a separate header file and update
    users. In the move, drop the vxlan specific comment before ipv6_stub.

    Code move only; no functional change intended.

    Signed-off-by: David Ahern
    Signed-off-by: David S. Miller

    David Ahern
     

15 Dec, 2018

2 commits

  • When TIPC_NLA_UDP_REMOTE is an IPv6 mcast address but
    TIPC_NLA_UDP_LOCAL is an IPv4 address, a NULL-ptr deref is triggered
    as the UDP tunnel sock is initialized to IPv4 or IPv6 sock merely
    based on the protocol in local address.

    We should just error out when the remote address and local address
    have different protocols.

    Reported-by: syzbot+eb4da3a20fad2e52555d@syzkaller.appspotmail.com
    Cc: Ying Xue
    Cc: Jon Maloy
    Signed-off-by: Cong Wang
    Acked-by: Jon Maloy
    Signed-off-by: David S. Miller

    Cong Wang
     
  • tipc_udp_xmit() drops the packet on error, there is no
    need to drop it again.

    Fixes: ef20cd4dd163 ("tipc: introduce UDP replicast")
    Reported-and-tested-by: syzbot+eae585ba2cc2752d3704@syzkaller.appspotmail.com
    Cc: Ying Xue
    Cc: Jon Maloy
    Signed-off-by: Cong Wang
    Signed-off-by: David S. Miller

    Cong Wang
     

16 Oct, 2018

1 commit

  • INADDR_ANY is hard-coded when activating UDP bearer. So, we could not
    bind to a specific IP address even with replicast mode using - given
    remote ip address instead of using multicast ip address.

    In this commit, we fixed it by checking and switching to use appropriate
    local ip address.

    before:
    $netstat -plu
    Active Internet connections (only servers)
    Proto Recv-Q Send-Q Local Address Foreign Address
    udp 0 0 **0.0.0.0:6118** 0.0.0.0:*

    after:
    $netstat -plu
    Active Internet connections (only servers)
    Proto Recv-Q Send-Q Local Address Foreign Address
    udp 0 0 **10.0.0.2:6118** 0.0.0.0:*

    Acked-by: Ying Xue
    Acked-by: Jon Maloy
    Signed-off-by: Hoang Le
    Signed-off-by: David S. Miller

    Hoang Le
     

20 Apr, 2018

1 commit

  • Currently, all bearers are configured with MTU value same as the
    underlying L2 device. However, in case of bearers with media type
    UDP, higher throughput is possible with a fixed and higher emulated
    MTU value than adapting to the underlying L2 MTU.

    In this commit, we introduce a parameter mtu in struct tipc_media
    and a default value is set for UDP. A default value of 14k
    was determined by experimentation and found to have a higher throughput
    than 16k. MTU for UDP bearers are assigned the above set value of
    media MTU.

    Acked-by: Ying Xue
    Acked-by: Jon Maloy
    Signed-off-by: GhantaKrishnamurthy MohanKrishna
    Signed-off-by: David S. Miller

    GhantaKrishnamurthy MohanKrishna
     

27 Mar, 2018

1 commit

  • Release alloced resource before return from the error handling
    case in tipc_udp_enable(), otherwise will cause memory leak.

    Fixes: 52dfae5c85a4 ("tipc: obtain node identity from interface by default")
    Signed-off-by: Wei Yongjun
    Acked-by: Jon Maloy
    Signed-off-by: David S. Miller

    Wei Yongjun
     

24 Mar, 2018

1 commit

  • Selecting and explicitly configuring a TIPC node identity may be
    unwanted in some cases.

    In this commit we introduce a default setting if the identity has not
    been set at the moment the first bearer is enabled. We do this by
    using a raw copy of a unique identifier from the used interface: MAC
    address in the case of an L2 bearer, IPv4/IPv6 address in the case
    of a UDP bearer.

    Acked-by: Ying Xue
    Signed-off-by: Jon Maloy
    Signed-off-by: David S. Miller

    Jon Maloy
     

02 Dec, 2017

1 commit

  • Remove the second tipc_rcv() call in tipc_udp_recv(). We have just
    checked that the bearer is not up, and calling tipc_rcv() with a bearer
    that is not up leads to a TIPC div-by-zero crash in
    tipc_node_calculate_timer(). The crash is rare in practice, but can
    happen like this:

    We're enabling a bearer, but it's not yet up and fully initialized.
    At the same time we receive a discovery packet, and in tipc_udp_recv()
    we end up calling tipc_rcv() with the not-yet-initialized bearer,
    causing later the div-by-zero crash in tipc_node_calculate_timer().

    Jon Maloy explains the impact of removing the second tipc_rcv() call:
    "link setup in the worst case will be delayed until the next arriving
    discovery messages, 1 sec later, and this is an acceptable delay."

    As the tipc_rcv() call is removed, just leave the function via the
    rcu_out label, so that we will kfree_skb().

    [ 12.590450] Own node address , network identity 1
    [ 12.668088] divide error: 0000 [#1] SMP
    [ 12.676952] CPU: 2 PID: 0 Comm: swapper/2 Not tainted 4.14.2-dirty #1
    [ 12.679225] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-2.fc27 04/01/2014
    [ 12.682095] task: ffff8c2a761edb80 task.stack: ffffa41cc0cac000
    [ 12.684087] RIP: 0010:tipc_node_calculate_timer.isra.12+0x45/0x60 [tipc]
    [ 12.686486] RSP: 0018:ffff8c2a7fc838a0 EFLAGS: 00010246
    [ 12.688451] RAX: 0000000000000000 RBX: ffff8c2a5b382600 RCX: 0000000000000000
    [ 12.691197] RDX: 0000000000000000 RSI: ffff8c2a5b382600 RDI: ffff8c2a5b382600
    [ 12.693945] RBP: ffff8c2a7fc838b0 R08: 0000000000000001 R09: 0000000000000001
    [ 12.696632] R10: 0000000000000000 R11: 0000000000000000 R12: ffff8c2a5d8949d8
    [ 12.699491] R13: ffffffff95ede400 R14: 0000000000000000 R15: ffff8c2a5d894800
    [ 12.702338] FS: 0000000000000000(0000) GS:ffff8c2a7fc80000(0000) knlGS:0000000000000000
    [ 12.705099] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
    [ 12.706776] CR2: 0000000001bb9440 CR3: 00000000bd009001 CR4: 00000000003606e0
    [ 12.708847] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
    [ 12.711016] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
    [ 12.712627] Call Trace:
    [ 12.713390]
    [ 12.714011] tipc_node_check_dest+0x2e8/0x350 [tipc]
    [ 12.715286] tipc_disc_rcv+0x14d/0x1d0 [tipc]
    [ 12.716370] tipc_rcv+0x8b0/0xd40 [tipc]
    [ 12.717396] ? minmax_running_min+0x2f/0x60
    [ 12.718248] ? dst_alloc+0x4c/0xa0
    [ 12.718964] ? tcp_ack+0xaf1/0x10b0
    [ 12.719658] ? tipc_udp_is_known_peer+0xa0/0xa0 [tipc]
    [ 12.720634] tipc_udp_recv+0x71/0x1d0 [tipc]
    [ 12.721459] ? dst_alloc+0x4c/0xa0
    [ 12.722130] udp_queue_rcv_skb+0x264/0x490
    [ 12.722924] __udp4_lib_rcv+0x21e/0x990
    [ 12.723670] ? ip_route_input_rcu+0x2dd/0xbf0
    [ 12.724442] ? tcp_v4_rcv+0x958/0xa40
    [ 12.725039] udp_rcv+0x1a/0x20
    [ 12.725587] ip_local_deliver_finish+0x97/0x1d0
    [ 12.726323] ip_local_deliver+0xaf/0xc0
    [ 12.726959] ? ip_route_input_noref+0x19/0x20
    [ 12.727689] ip_rcv_finish+0xdd/0x3b0
    [ 12.728307] ip_rcv+0x2ac/0x360
    [ 12.728839] __netif_receive_skb_core+0x6fb/0xa90
    [ 12.729580] ? udp4_gro_receive+0x1a7/0x2c0
    [ 12.730274] __netif_receive_skb+0x1d/0x60
    [ 12.730953] ? __netif_receive_skb+0x1d/0x60
    [ 12.731637] netif_receive_skb_internal+0x37/0xd0
    [ 12.732371] napi_gro_receive+0xc7/0xf0
    [ 12.732920] receive_buf+0x3c3/0xd40
    [ 12.733441] virtnet_poll+0xb1/0x250
    [ 12.733944] net_rx_action+0x23e/0x370
    [ 12.734476] __do_softirq+0xc5/0x2f8
    [ 12.734922] irq_exit+0xfa/0x100
    [ 12.735315] do_IRQ+0x4f/0xd0
    [ 12.735680] common_interrupt+0xa2/0xa2
    [ 12.736126]
    [ 12.736416] RIP: 0010:native_safe_halt+0x6/0x10
    [ 12.736925] RSP: 0018:ffffa41cc0cafe90 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff4d
    [ 12.737756] RAX: 0000000000000000 RBX: ffff8c2a761edb80 RCX: 0000000000000000
    [ 12.738504] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
    [ 12.739258] RBP: ffffa41cc0cafe90 R08: 0000014b5b9795e5 R09: ffffa41cc12c7e88
    [ 12.740118] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000002
    [ 12.740964] R13: ffff8c2a761edb80 R14: 0000000000000000 R15: 0000000000000000
    [ 12.741831] default_idle+0x2a/0x100
    [ 12.742323] arch_cpu_idle+0xf/0x20
    [ 12.742796] default_idle_call+0x28/0x40
    [ 12.743312] do_idle+0x179/0x1f0
    [ 12.743761] cpu_startup_entry+0x1d/0x20
    [ 12.744291] start_secondary+0x112/0x120
    [ 12.744816] secondary_startup_64+0xa5/0xa5
    [ 12.745367] Code: b9 f4 01 00 00 48 89 c2 48 c1 ea 02 48 3d d3 07 00
    00 48 0f 47 d1 49 8b 0c 24 48 39 d1 76 07 49 89 14 24 48 89 d1 31 d2 48
    89 df f7 f1 89 c6 e8 81 6e ff ff 5b 41 5c 5d c3 66 90 66 2e 0f 1f
    [ 12.747527] RIP: tipc_node_calculate_timer.isra.12+0x45/0x60 [tipc] RSP: ffff8c2a7fc838a0
    [ 12.748555] ---[ end trace 1399ab83390650fd ]---
    [ 12.749296] Kernel panic - not syncing: Fatal exception in interrupt
    [ 12.750123] Kernel Offset: 0x13200000 from 0xffffffff82000000
    (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
    [ 12.751215] Rebooting in 60 seconds..

    Fixes: c9b64d492b1f ("tipc: add replicast peer discovery")
    Signed-off-by: Tommi Rantala
    Cc: Jon Maloy
    Signed-off-by: David S. Miller

    Tommi Rantala
     

14 Apr, 2017

1 commit


21 Jan, 2017

1 commit

  • As a preparation for the 'replicast' functionality we are going to
    introduce in the next commits, we need the broadcast base structure to
    store whether bearer broadcast is available at all from the currently
    used bearer or bearers.

    We do this by adding a new function tipc_bearer_bcast_support() to
    the bearer layer, and letting the bearer selection function in
    bcast.c use this to give a new boolean field, 'bcast_support' the
    appropriate value.

    Reviewed-by: Parthasarathy Bhuvaragan
    Acked-by: Ying Xue
    Signed-off-by: Jon Maloy
    Signed-off-by: David S. Miller

    Jon Paul Maloy
     

03 Dec, 2016

1 commit

  • Qian Zhang (张谦) reported a potential socket buffer overflow in
    tipc_msg_build() which is also known as CVE-2016-8632: due to
    insufficient checks, a buffer overflow can occur if MTU is too short for
    even tipc headers. As anyone can set device MTU in a user/net namespace,
    this issue can be abused by a regular user.

    As agreed in the discussion on Ben Hutchings' original patch, we should
    check the MTU at the moment a bearer is attached rather than for each
    processed packet. We also need to repeat the check when bearer MTU is
    adjusted to new device MTU. UDP case also needs a check to avoid
    overflow when calculating bearer MTU.

    Fixes: b97bf3fd8f6a ("[TIPC] Initial merge")
    Signed-off-by: Michal Kubecek
    Reported-by: Qian Zhang (张谦)
    Acked-by: Ying Xue
    Signed-off-by: David S. Miller

    Michal Kubeček
     

14 Oct, 2016

1 commit


13 Sep, 2016

1 commit


30 Aug, 2016

1 commit


27 Aug, 2016

7 commits

  • When using replicast a UDP bearer can have an arbitrary amount of
    remote ip addresses associated with it. This means we cannot simply
    add all remote ip addresses to an existing bearer data message as it
    might fill the message, leaving us with a truncated message that we
    can't safely resume. To handle this we introduce the new netlink
    command TIPC_NL_UDP_GET_REMOTEIP. This command is intended to be
    called when the bearer data message has the
    TIPC_NLA_UDP_MULTI_REMOTEIP flag set, indicating there are more than
    one remote ip (replicast).

    Signed-off-by: Richard Alpe
    Reviewed-by: Jon Maloy
    Signed-off-by: David S. Miller

    Richard Alpe
     
  • Add UDP bearer options to netlink bearer get message. This is used by
    the tipc user space tool to display UDP options.

    The UDP bearer information is passed using either a sockaddr_in or
    sockaddr_in6 structs. This means the user space receiver should
    intermediately store the retrieved data in a large enough struct
    (sockaddr_storage) before casting to the proper IP version type.

    Signed-off-by: Richard Alpe
    Reviewed-by: Jon Maloy
    Acked-by: Ying Xue
    Signed-off-by: David S. Miller

    Richard Alpe
     
  • Automatically learn UDP remote IP addresses of communicating peers by
    looking at the source IP address of incoming TIPC link configuration
    messages (neighbor discovery).

    This makes configuration slightly easier and removes the problematic
    scenario where a node receives directly addressed neighbor discovery
    messages sent using replicast which the node cannot "reply" to using
    multicast, leaving the link FSM in a limbo state.

    Signed-off-by: Richard Alpe
    Reviewed-by: Jon Maloy
    Signed-off-by: David S. Miller

    Richard Alpe
     
  • This patch introduces UDP replicast. A concept where we emulate
    multicast by sending multiple unicast messages to configured peers.

    The purpose of replicast is mainly to be able to use TIPC in cloud
    environments where IP multicast is disabled. Using replicas to unicast
    multicast messages is costly as we have to copy each skb and send the
    copies individually.

    Signed-off-by: Richard Alpe
    Reviewed-by: Jon Maloy
    Signed-off-by: David S. Miller

    Richard Alpe
     
  • Add a function to check if a tipc UDP media address is a multicast
    address or not. This is a purely cosmetic change.

    Signed-off-by: Richard Alpe
    Reviewed-by: Jon Maloy
    Signed-off-by: David S. Miller

    Richard Alpe
     
  • Split the UDP send function into two. One callback that prepares the
    skb and one transmit function that sends the skb. This will come in
    handy in later patches, when we introduce UDP replicast.

    Signed-off-by: Richard Alpe
    Reviewed-by: Jon Maloy
    Acked-by: Ying Xue
    Signed-off-by: David S. Miller

    Richard Alpe
     
  • Split the UDP netlink parse function so that it only parses one
    netlink attribute at a time. This makes the parse function more
    generic and allows future UDP API functions to use it for parsing.

    Signed-off-by: Richard Alpe
    Reviewed-by: Jon Maloy
    Acked-by: Ying Xue
    Signed-off-by: David S. Miller

    Richard Alpe
     

26 Aug, 2016

1 commit


19 Aug, 2016

1 commit

  • In commit 5b7066c3dd24 ("tipc: stricter filtering of packets in bearer
    layer") we introduced a method of filtering out messages while a bearer
    is being reset, to avoid that links may be re-created and come back in
    working state while we are still in the process of shutting them down.

    This solution works well, but is limited to only work with L2 media, which
    is insufficient with the increasing use of UDP as carrier media.

    We now replace this solution with a more generic one, by introducing a
    new flag "up" in the generic struct tipc_bearer. This field will be set
    and reset at the same locations as with the previous solution, while
    the packet filtering is moved to the generic code for the sending side.
    On the receiving side, the filtering is still done in media specific
    code, but now including the UDP bearer.

    Acked-by: Ying Xue
    Signed-off-by: Jon Maloy
    Signed-off-by: David S. Miller

    Jon Paul Maloy
     

29 Jun, 2016

1 commit


15 Mar, 2016

1 commit


12 Mar, 2016

1 commit

  • This patch extends udp_tunnel6_xmit_skb() to pass in the IPv6 flow label
    from call sites. Currently, there's no such option and it's always set to
    zero when writing ip6_flow_hdr(). Add a label member to ip_tunnel_key, so
    that flow-based tunnels via collect metadata frontends can make use of it.
    vxlan and geneve will be converted to add flow label support separately.

    Signed-off-by: Daniel Borkmann
    Signed-off-by: David S. Miller

    Daniel Borkmann
     

08 Mar, 2016

1 commit


07 Mar, 2016

3 commits

  • Make sure the user has provided a scope for multicast and link local
    addresses used locally by a UDP bearer.

    Signed-off-by: Richard Alpe
    Acked-by: Jon Maloy
    Reviewed-by: Erik Hugne
    Signed-off-by: David S. Miller

    Richard Alpe
     
  • The netlink policy for TIPC_NLA_UDP_LOCAL and TIPC_NLA_UDP_REMOTE
    is of type binary with a defined length. This causes the policy
    framework to treat the defined length as maximum length.

    There is however no protection against a user sending a smaller
    amount of data. Prior to this patch this wasn't handled which could
    result in a partially incomplete sockaddr_storage struct containing
    uninitialized data.

    In this patch we use nla_memcpy() when copying the user data. This
    ensures a potential gap at the end is cleared out properly.

    This was found by Julia with Coccinelle tool.

    Reported-by: Daniel Borkmann
    Reported-by: Julia Lawall
    Signed-off-by: Richard Alpe
    Acked-by: Jon Maloy
    Reviewed-by: Erik Hugne
    Signed-off-by: David S. Miller

    Richard Alpe
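
The short-attribute case from the commit message above, as an added user-space example (not kernel code and not the TIPC patch). `struct demo_attr` and the `demo_*` functions are hypothetical stand-ins; the 128-byte destination models `struct sockaddr_storage` on Linux, and the 0xAA fill stands in for uninitialized memory. The plain copy is a constructed contrast case, not the pre-patch TIPC code.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define DEMO_HDRLEN 4u
#define DEMO_DEST   128u   /* size of struct sockaddr_storage on Linux */

/* Constructed stand-in for a netlink attribute: header followed by payload. */
struct demo_attr {
    uint16_t len;          /* header + payload */
    uint16_t type;
    uint8_t  payload[160];
};

static size_t demo_payload_len(const struct demo_attr *a)
{
    return a->len < DEMO_HDRLEN ? 0 : a->len - DEMO_HDRLEN;
}

/* Contrast case: copy what the sender supplied, bounded by count, nothing else. */
static size_t demo_copy_plain(void *dest, const struct demo_attr *a, size_t count)
{
    size_t n = demo_payload_len(a) < count ? demo_payload_len(a) : count;

    memcpy(dest, a->payload, n);
    return n;
}

/* Same bound, but the gap between the payload and count is zeroed, which is
 * the property the commit message attributes to nla_memcpy(). */
static size_t demo_copy_padded(void *dest, const struct demo_attr *a, size_t count)
{
    size_t n = demo_copy_plain(dest, a, count);

    if (count > n)
        memset((uint8_t *)dest + n, 0, count - n);
    return n;
}

/* Copy a payload of payload_len (<= 160) bytes into a destination pre-filled
 * with stale 0xAA bytes; return how many stale bytes survive the copy. */
static size_t demo_stale_after_copy(int padded, size_t payload_len)
{
    struct demo_attr a;
    uint8_t dest[DEMO_DEST];
    size_t stale = 0;

    memset(&a, 0, sizeof(a));
    a.len = (uint16_t)(DEMO_HDRLEN + payload_len);
    memset(a.payload, 0x11, payload_len);      /* constructed payload */
    memset(dest, 0xAA, sizeof(dest));          /* stands in for uninitialized data */
    if (padded)
        demo_copy_padded(dest, &a, sizeof(dest));
    else
        demo_copy_plain(dest, &a, sizeof(dest));
    for (size_t i = 0; i < sizeof(dest); i++)
        stale += dest[i] == 0xAA;
    return stale;
}

int main(void)
{
    /* 16 bytes is the size of a sockaddr_in, well short of the 128-byte buffer. */
    printf("plain copy, 16-byte attribute:  %zu stale bytes\n",
           demo_stale_after_copy(0, 16));
    printf("padded copy, 16-byte attribute: %zu stale bytes\n",
           demo_stale_after_copy(1, 16));
    return 0;
}
```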
     
  • Prior to this patch enabling an IPv4 UDP bearer caused a null pointer
    dereference in iptunnel_xmit_stats(), when it tried to dereference the
    net device from the skb. To resolve this we now point the skb device
    to the net device resolved from the routing table.

    Fixes: 039f50629b7f (ip_tunnel: Move stats update to iptunnel_xmit())
    Signed-off-by: Richard Alpe
    Acked-by: Jon Maloy
    Reviewed-by: Erik Hugne
    Signed-off-by: David S. Miller

    Richard Alpe
     

26 Dec, 2015

1 commit