[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20160318232510.14955.18977.stgit@localhost.localdomain>
Date: Fri, 18 Mar 2016 16:25:10 -0700
From: Alexander Duyck <aduyck@...antis.com>
To: ecree@...arflare.com, netdev@...r.kernel.org, davem@...emloft.net,
alexander.duyck@...il.com, tom@...bertland.com
Subject: [RFC PATCH 5/9] gue: Enforce IP ID verification on outer headers
This change enforces the IP ID verification on outer headers. As a result
if the DF flag is not set on the outer header we will force the flow to be
flushed in the event that the IP ID is out of sequence with the existing
flow.
Signed-off-by: Alexander Duyck <aduyck@...antis.com>
---
net/ipv4/fou.c | 14 ++++++++++++++
1 file changed, 14 insertions(+)
diff --git a/net/ipv4/fou.c b/net/ipv4/fou.c
index 780484243e14..2be35e4f6d88 100644
--- a/net/ipv4/fou.c
+++ b/net/ipv4/fou.c
@@ -341,6 +341,20 @@ static struct sk_buff **gue_gro_receive(struct sk_buff **head,
NAPI_GRO_CB(p)->same_flow = 0;
continue;
}
+
+ /* Include the IP ID check from the outer IP hdr */
+ if (!NAPI_GRO_CB(p)->flush_id)
+ continue;
+
+ /* If flush_id is non-zero and rfc6864 is enabled for
+ * the new frame the only possibility is that we are
+ * incrementing so we can xor by count to cancel out
+ * the one acceptable value.
+ */
+ NAPI_GRO_CB(p)->flush |= NAPI_GRO_CB(skb)->rfc6864 ?
+ NAPI_GRO_CB(p)->flush_id ^
+ NAPI_GRO_CB(p)->count :
+ NAPI_GRO_CB(p)->flush_id;
}
rcu_read_lock();
Powered by blists - more mailing lists