Skip to content

Commit 02f99df

Browse files
williamtudavem330
williamtu
authored and
davem330
committed
erspan: fix invalid erspan version.
ERSPAN only support version 1 and 2. When packets send to an erspan device which does not have proper version number set, drop the packet. In real case, we observe multicast packets sent to the erspan pernet device, erspan0, which does not have erspan version configured. Reported-by: Greg Rose <gvrose8192@gmail.com> Signed-off-by: William Tu <u9012063@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
1 parent d13d170 commit 02f99df

File tree

2 files changed

+7
-2
lines changed

2 files changed

+7
-2
lines changed

net/ipv4/ip_gre.c

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -722,10 +722,12 @@ static netdev_tx_t erspan_xmit(struct sk_buff *skb,
722722
erspan_build_header(skb, ntohl(tunnel->parms.o_key),
723723
tunnel->index,
724724
truncate, true);
725-
else
725+
else if (tunnel->erspan_ver == 2)
726726
erspan_build_header_v2(skb, ntohl(tunnel->parms.o_key),
727727
tunnel->dir, tunnel->hwid,
728728
truncate, true);
729+
else
730+
goto free_skb;
729731

730732
tunnel->parms.o_flags &= ~TUNNEL_KEY;
731733
__gre_xmit(skb, dev, &tunnel->parms.iph, htons(ETH_P_ERSPAN));

net/ipv6/ip6_gre.c

Lines changed: 4 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -979,11 +979,14 @@ static netdev_tx_t ip6erspan_tunnel_xmit(struct sk_buff *skb,
979979
erspan_build_header(skb, ntohl(t->parms.o_key),
980980
t->parms.index,
981981
truncate, false);
982-
else
982+
else if (t->parms.erspan_ver == 2)
983983
erspan_build_header_v2(skb, ntohl(t->parms.o_key),
984984
t->parms.dir,
985985
t->parms.hwid,
986986
truncate, false);
987+
else
988+
goto tx_err;
989+
987990
fl6.daddr = t->parms.raddr;
988991
}
989992

0 commit comments

Comments
 (0)