On Sun, Jun 30, 2013 at 7:11 PM, Cong Wang [off-list ref] wrote:

On Sat, 2013-06-29 at 20:43 -0700, Pravin Shelar wrote:

quoted

On Fri, Jun 28, 2013 at 9:11 PM, Cong Wang [off-list ref] wrote:

quoted

From: Cong Wang <redacted>

This is a regression introduced by
commit fd58156e456d9f68fe0448 (IPIP: Use ip-tunneling code.)

Similar to GRE tunnel, previously we only check the parameters
for SIOCADDTUNNEL and SIOCCHGTUNNEL, after that commit, the
check is moved for all commands.

So, just check for SIOCADDTUNNEL and SIOCCHGTUNNEL.

Also, the check for i_key, o_key etc. is suspicious too,
which did not exist before.

This check is sanity check since ipip is not suppose to have these
parameters set, generic layer do allow all parameters.
Earlier ipip was not using generic layer, therefore that check was not present.

So, if old code doesn't reject this case with EINVAL, then your change
_does_ break user-space applications... no matter whether ipip is
supposed to have these parameters.

ok, Then we shld reset these fields before passing them to ip_tunnels layer.