Thread (12 messages) 12 messages, 5 authors, 2013-07-02

Re: [Patch net-next v2] gre: fix a regression in ioctl

From: Pravin Shelar <hidden>
Date: 2013-06-29 03:28:54 

On Fri, Jun 28, 2013 at 7:24 PM, Cong Wang [off-list ref] wrote:
From: Cong Wang <redacted>

When testing GRE tunnel, I got:

 # ip tunnel show
 get tunnel gre0 failed: Invalid argument
 get tunnel gre1 failed: Invalid argument

This is a regression introduced by commit c54419321455631079c7d
("GRE: Refactor GRE tunneling code.") because previously we
only check the parameters for SIOCADDTUNNEL and SIOCCHGTUNNEL,
after that commit, the check is moved for all commands.
right, that API got changed. But these checks can not be added to
generic ip_tunnel layer, which is also used by other tunnel modules.
Can you keep that check in ip_gre module but do it only for add and
del tunnel commands?
quoted hunk ↗ jump to hunk
So, just move it back inside SIOCADDTUNNEL and SIOCCHGTUNNEL.

After this patch I got:

 # ip tunnel show
 gre0: gre/ip  remote any  local any  ttl inherit  nopmtudisc
 gre1: gre/ip  remote 192.168.122.101  local 192.168.122.45  ttl inherit

Cc: Pravin B Shelar <redacted>
Cc: "David S. Miller" <davem@davemloft.net>
Signed-off-by: Cong Wang <redacted>
---
v2: check TUNNEL_* flags

diff --git a/net/ipv4/ip_gre.c b/net/ipv4/ip_gre.c
index c326e86..354d78c 100644
--- a/net/ipv4/ip_gre.c
+++ b/net/ipv4/ip_gre.c
@@ -314,11 +314,6 @@ static int ipgre_tunnel_ioctl(struct net_device *dev,

        if (copy_from_user(&p, ifr->ifr_ifru.ifru_data, sizeof(p)))
                return -EFAULT;
-       if (p.iph.version != 4 || p.iph.protocol != IPPROTO_GRE ||
-           p.iph.ihl != 5 || (p.iph.frag_off&htons(~IP_DF)) ||
-           ((p.i_flags|p.o_flags)&(GRE_VERSION|GRE_ROUTING))) {
-               return -EINVAL;
-       }
        p.i_flags = gre_flags_to_tnl_flags(p.i_flags);
        p.o_flags = gre_flags_to_tnl_flags(p.o_flags);

diff --git a/net/ipv4/ip_tunnel.c b/net/ipv4/ip_tunnel.c
index 394cebc..dc7d7ac 100644
--- a/net/ipv4/ip_tunnel.c
+++ b/net/ipv4/ip_tunnel.c
@@ -712,6 +712,11 @@ int ip_tunnel_ioctl(struct net_device *dev, struct ip_tunnel_parm *p, int cmd)

        case SIOCADDTUNNEL:
        case SIOCCHGTUNNEL:
+               if (p->iph.version != 4 || p->iph.protocol != IPPROTO_GRE ||
+                   p->iph.ihl != 5 || (p->iph.frag_off&htons(~IP_DF)) ||
+                   ((p->i_flags|p->o_flags)&(TUNNEL_VERSION|TUNNEL_ROUTING)))
+                       return -EINVAL;
+
                err = -EPERM;
                if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
                        goto done;
Keyboard shortcuts
hback out one level
jnext message in thread
kprevious message in thread
ldrill in
Escclose help / fold thread tree
?toggle this help