Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

Merge branch 'ipv4-ensure-ecn-bits-don-t-influence-source-address-validation'

Guillaume Nault says:

====================
ipv4: Ensure ECN bits don't influence source address validation

Functions that end up calling fib_table_lookup() should clear the ECN
bits from the TOS, otherwise ECT(0) and ECT(1) packets can be treated
differently.

Most functions already clear the ECN bits, but there are a few cases
where this is not done. This series only fixes the ones related to
source address validation.
====================

Link: https://lore.kernel.org/r/cover.1610790904.git.gnault@redhat.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>

+3 -2
+1 -1
net/ipv4/netfilter/ipt_rpfilter.c
··· 76 76 flow.daddr = iph->saddr; 77 77 flow.saddr = rpfilter_get_saddr(iph->daddr); 78 78 flow.flowi4_mark = info->flags & XT_RPFILTER_VALID_MARK ? skb->mark : 0; 79 - flow.flowi4_tos = RT_TOS(iph->tos); 79 + flow.flowi4_tos = iph->tos & IPTOS_RT_MASK; 80 80 flow.flowi4_scope = RT_SCOPE_UNIVERSE; 81 81 flow.flowi4_oif = l3mdev_master_ifindex_rcu(xt_in(par)); 82 82
+2 -1
net/ipv4/udp.c
··· 2555 2555 */ 2556 2556 if (!inet_sk(sk)->inet_daddr && in_dev) 2557 2557 return ip_mc_validate_source(skb, iph->daddr, 2558 - iph->saddr, iph->tos, 2558 + iph->saddr, 2559 + iph->tos & IPTOS_RT_MASK, 2559 2560 skb->dev, in_dev, &itag); 2560 2561 } 2561 2562 return 0;
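Review bot: In net/ipv4/netfilter/ipt_rpfilter.c, the new assignment `flow.flowi4_tos = iph->tos & IPTOS_RT_MASK;` has no comment saying why RT_TOS() was not sufficient here, so a later cleanup could switch it back without noticing the regression. A one-line comment above the assignment, stating that the ECN bits must be cleared before this flow is used for the lookup (as the cover letter explains for functions that end up in fib_table_lookup()), would keep the intent next to the code.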
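Review bot: In net/ipv4/udp.c, the mask `iph->tos & IPTOS_RT_MASK` is applied at this one call to ip_mc_validate_source(), which puts the requirement on each caller rather than on the function itself. Consider either masking inside ip_mc_validate_source() or documenting at its definition that the tos argument must arrive with the ECN bits already cleared, so that a new caller passing raw `iph->tos` does not bring back the ECT(0)/ECT(1) difference the cover letter describes.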