flow_dissector: do not dissect l4 ports for fragments

BugLink: https://bugs.launchpad.net/bugs/1836968
[ Upstream commit 62230715fd2453b3ba948c9d83cfb3ada9169169 ]

Only first fragment has the sport/dport information,
not the following ones.

If we want consistent hash for all fragments, we need to
ignore ports even for first fragment.

This bug is visible for IPv6 traffic, if incoming fragments
do not have a flow label, since skb_get_hash() will give
different results for first fragment and following ones.

It is also visible if any routing rule wants dissection
and sport or dport.

See commit 5e5d6fed3741 ("ipv6: route: dissect flow
in input path if fib rules need it") for details.

[edumazet] rewrote the changelog completely.

Fixes: 06635a35d13d ("flow_dissect: use programable dissector in skb_flow_dissect and friends")
Signed-off-by: 배석진 <soukjin.bae@samsung.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Connor Kuehl <connor.kuehl@canonical.com>
Signed-off-by: Khalid Elmously <khalid.elmously@canonical.com>

diff --git a/net/core/flow_dissector.c b/net/core/flow_dissector.c
index b2296681f284064194d1c47553dfea6103e567f7..1757bcf1b3c9ed01cf905da74d9a339a4c17af97 100644 (file)
--- a/net/core/flow_dissector.c
+++ b/net/core/flow_dissector.c
@@ -938,8 +938,8 @@ ip_proto_again:
                break;
        }
 
-       if (dissector_uses_key(flow_dissector,
-                              FLOW_DISSECTOR_KEY_PORTS)) {
+       if (dissector_uses_key(flow_dissector, FLOW_DISSECTOR_KEY_PORTS) &&
+           !(key_control->flags & FLOW_DIS_IS_FRAGMENT)) {
                key_ports = skb_flow_dissector_target(flow_dissector,
                                                      FLOW_DISSECTOR_KEY_PORTS,
                                                      target_container);