From 92a39735650c43a738af53418feb3214231ec97a Mon Sep 17 00:00:00 2001 From: Pravin B Shelar Date: Fri, 19 Dec 2014 01:55:45 -0800 Subject: [PATCH] datapath: Fix MPLS action validation. Linux stack do not allow GSO for packet with multiple encapsulations. Therefore there was check in MPLS action validation to detect such case, But it is better to add such check at run time to detect such cases. Removing this check also fixes bug in action copy to no skip multiple set actions. Signed-off-by: Pravin B Shelar Reported-by: Srinivas Neginhal Acked-by: Jarno Rajahalme Bug #1367702 --- datapath/flow_netlink.c | 13 ++----------- datapath/linux/compat/include/net/gre.h | 3 ++- datapath/linux/compat/include/net/vxlan.h | 3 ++- datapath/vport-lisp.c | 3 ++- 4 files changed, 8 insertions(+), 14 deletions(-) diff --git a/datapath/flow_netlink.c b/datapath/flow_netlink.c index 4aae3056b..c611e71a7 100644 --- a/datapath/flow_netlink.c +++ b/datapath/flow_netlink.c @@ -1764,7 +1764,6 @@ static int __ovs_nla_copy_actions(const struct nlattr *attr, __be16 eth_type, __be16 vlan_tci, bool log) { const struct nlattr *a; - bool out_tnl_port = false; int rem, err; if (depth >= SAMPLE_ACTION_DEPTH) @@ -1807,7 +1806,6 @@ static int __ovs_nla_copy_actions(const struct nlattr *attr, case OVS_ACTION_ATTR_OUTPUT: if (nla_get_u32(a) >= DP_MAX_PORTS) return -EINVAL; - out_tnl_port = false; break; @@ -1843,14 +1841,9 @@ static int __ovs_nla_copy_actions(const struct nlattr *attr, case OVS_ACTION_ATTR_PUSH_MPLS: { const struct ovs_action_push_mpls *mpls = nla_data(a); - /* Networking stack do not allow simultaneous Tunnel - * and MPLS GSO. - */ - if (out_tnl_port) - return -EINVAL; - if (!eth_p_mpls(mpls->mpls_ethertype)) return -EINVAL; + /* Prohibit push MPLS other than to a white list * for packets that have a known tag order. */ @@ -1884,11 +1877,9 @@ static int __ovs_nla_copy_actions(const struct nlattr *attr, case OVS_ACTION_ATTR_SET: err = validate_set(a, key, sfa, - &out_tnl_port, eth_type, log); + &skip_copy, eth_type, log); if (err) return err; - - skip_copy = out_tnl_port; break; case OVS_ACTION_ATTR_SAMPLE: diff --git a/datapath/linux/compat/include/net/gre.h b/datapath/linux/compat/include/net/gre.h index b4bf2f150..494702eff 100644 --- a/datapath/linux/compat/include/net/gre.h +++ b/datapath/linux/compat/include/net/gre.h @@ -107,7 +107,8 @@ static inline int ip_gre_calc_hlen(__be16 o_flags) static inline struct sk_buff *rpl_gre_handle_offloads(struct sk_buff *skb, bool gre_csum) { - if (skb->encapsulation && skb_is_gso(skb)) { + if ((ovs_skb_get_inner_protocol(skb) || skb->encapsulation) && + skb_is_gso(skb)) { kfree_skb(skb); return ERR_PTR(-ENOSYS); } diff --git a/datapath/linux/compat/include/net/vxlan.h b/datapath/linux/compat/include/net/vxlan.h index 099d8241c..84afe53f3 100644 --- a/datapath/linux/compat/include/net/vxlan.h +++ b/datapath/linux/compat/include/net/vxlan.h @@ -15,7 +15,8 @@ static inline int rpl_vxlan_xmit_skb(struct vxlan_sock *vs, __be32 src, __be32 dst, __u8 tos, __u8 ttl, __be16 df, __be16 src_port, __be16 dst_port, __be32 vni) { - if (skb->encapsulation && skb_is_gso(skb)) { + if ((ovs_skb_get_inner_protocol(skb) || skb->encapsulation) && + skb_is_gso(skb)) { kfree_skb(skb); return -ENOSYS; } diff --git a/datapath/vport-lisp.c b/datapath/vport-lisp.c index f3d450f5e..1eaeddb0e 100644 --- a/datapath/vport-lisp.c +++ b/datapath/vport-lisp.c @@ -417,7 +417,8 @@ static int handle_offloads(struct sk_buff *skb) #else static int handle_offloads(struct sk_buff *skb) { - if (skb->encapsulation && skb_is_gso(skb)) { + if ((ovs_skb_get_inner_protocol(skb) || skb->encapsulation) && + skb_is_gso(skb)) { kfree_skb(skb); return -ENOSYS; } -- 2.20.1