git.proxmox.com Git - mirror_ubuntu-hirsute-kernel.git/commit

author	Davide Caratti <dcaratti@redhat.com>
	Fri, 12 Feb 2021 15:12:25 +0000 (16:12 +0100)
committer	Seth Forshee <seth.forshee@canonical.com>
	Thu, 8 Apr 2021 20:42:47 +0000 (15:42 -0500)
commit	d4feaa3a7bb62bcb5d37d2e6d305fd4198f454a4
tree	23242c182c357334258802bd2776b4b69b2a4467	tree
parent	f6bb2471157a410e4e7cb9cea7a889cffa2ded2c	commit \| diff

flow_dissector: fix TTL and TOS dissection on IPv4 fragments

BugLink: https://bugs.launchpad.net/bugs/1923069
[ Upstream commit d2126838050ccd1dadf310ffb78b2204f3b032b9 ]

the following command:

# tc filter add dev $h2 ingress protocol ip pref 1 handle 101 flower \
$tcflags dst_ip 192.0.2.2 ip_ttl 63 action drop

doesn't drop all IPv4 packets that match the configured TTL / destination
address. In particular, if "fragment offset" or "more fragments" have non
zero value in the IPv4 header, setting of FLOW_DISSECTOR_KEY_IP is simply
ignored. Fix this dissecting IPv4 TTL and TOS before fragment info; while
at it, add a selftest for tc flower's match on 'ip_ttl' that verifies the
correct behavior.

Fixes: 518d8a2e9bad ("net/flow_dissector: add support for dissection of misc ip header fields")
Reported-by: Shuang Li <shuali@redhat.com>
Signed-off-by: Davide Caratti <dcaratti@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Andrea Righi <andrea.righi@canonical.com>

net/core/flow_dissector.c		diff \| blob \| blame \| history
tools/testing/selftests/net/forwarding/tc_flower.sh		diff \| blob \| blame \| history