linux/net
Boris Sukholitko 0dca2c7404 net/sched: cls_flower: Remove match on n_proto
The following flower filters fail to match packets:

tc filter add dev eth0 ingress protocol 0x8864 flower \
	action simple sdata hi64
tc filter add dev eth0 ingress protocol 802.1q flower \
	vlan_ethtype 0x8864 action simple sdata "hi vlan"

The protocol 0x8864 (ETH_P_PPP_SES) is a tunnel protocol. As such, it is
being dissected by __skb_flow_dissect and it's internal protocol is
being set as key->basic.n_proto. IOW, the existence of ETH_P_PPP_SES
tunnel is transparent to the callers of __skb_flow_dissect.

OTOH, in the filters above, cls_flower configures its key->basic.n_proto
to the ETH_P_PPP_SES value configured by the user. Matching on this key
fails because of __skb_flow_dissect "transparency" mentioned above.

In the following, I would argue that the problem lies with cls_flower,
unnessary attempting key->basic.n_proto match.

There are 3 close places in fl_set_key in cls_flower setting up
mask->basic.n_proto. They are (in reverse order of appearance in the
code) due to:

(a) No vlan is given: use TCA_FLOWER_KEY_ETH_TYPE parameter
(b) One vlan tag is given: use TCA_FLOWER_KEY_VLAN_ETH_TYPE
(c) Two vlans are given: use TCA_FLOWER_KEY_CVLAN_ETH_TYPE

The match in case (a) is unneeded because flower has no its own
eth_type parameter. It was removed by Jamal Hadi Salim in commit
488b41d020fb06428b90289f70a41210718f52b7 in iproute2. For
TCA_FLOWER_KEY_ETH_TYPE the userspace uses the generic tc filter
protocol field. Therefore the match for the case (a) is done by tc
itself.

The matches in cases (b), (c) are unneeded because the protocol will
appear in and will be matched by flow_dissector_key_vlan.vlan_tpid.
Therefore in the best case, key->basic.n_proto will try to repeat vlan
key match again.

The below patch removes mask->basic.n_proto setting and resets it to 0
in case (c).

Signed-off-by: Boris Sukholitko <boris.sukholitko@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2021-06-15 10:26:51 -07:00
..
6lowpan 6lowpan: Fix some typos in nhc_udp.c 2021-03-24 17:52:11 -07:00
9p 9p/trans_virtio: Fix spelling mistakes 2021-06-02 14:01:55 -07:00
802
8021q net: vlan: Avoid using strncpy() 2021-06-03 14:15:10 -07:00
appletalk net: appletalk: fix some mistakes in grammar 2021-06-08 19:27:57 -07:00
atm atm: Use list_for_each_entry() to simplify code in resources.c 2021-06-10 14:08:09 -07:00
ax25 net/ax25: Delete obsolete TODO file 2021-03-30 16:54:50 -07:00
batman-adv batman-adv: Drop reduntant batadv interface check 2021-06-02 22:25:45 +02:00
bluetooth Merge ra.kernel.org:/pub/scm/linux/kernel/git/netdev/net 2021-06-07 13:01:52 -07:00
bpf bpf: Prepare bpf syscall to be used from kernel and user space. 2021-05-19 00:33:40 +02:00
bpfilter
bridge net: bridge: mrp: Update ring transitions. 2021-06-04 14:41:28 -07:00
caif Merge ra.kernel.org:/pub/scm/linux/kernel/git/netdev/net 2021-06-07 13:01:52 -07:00
can linux-can-next-for-5.14-20210527 2021-05-27 14:39:11 -07:00
ceph libceph: Fix spelling mistakes 2021-06-03 13:24:23 -07:00
core net: flow_dissector: fix RPS on DSA masters 2021-06-14 13:15:22 -07:00
dcb net: dcb: Return the correct errno code 2021-06-01 17:01:33 -07:00
dccp dccp: tfrc: fix doc warnings in tfrc_equation.c 2021-06-10 14:08:49 -07:00
decnet decnet: Fix spelling mistakes 2021-06-02 14:01:55 -07:00
dns_resolver
dsa net: dsa: dsa_slave_phy_connect(): extend phy's flags with port specific phy flags 2021-06-14 12:54:43 -07:00
ethernet of: net: pass the dst buffer to of_get_mac_address() 2021-04-13 14:35:02 -07:00
ethtool ethtool: Fix a typo 2021-06-02 14:01:55 -07:00
hsr net: hsr: fix mac_len checks 2021-05-24 14:10:28 -07:00
ieee802154 ieee802154: fix error return code in ieee802154_llsec_getparams() 2021-06-03 10:59:49 +02:00
ife
ipv4 ipv4: Fix spelling mistakes 2021-06-07 14:08:30 -07:00
ipv6 mld: avoid unnecessary high order page allocation in mld_newpack() 2021-06-14 12:46:00 -07:00
iucv net/af_iucv: clean up some forward declarations 2021-06-12 13:06:33 -07:00
kcm net: kcm: fix memory leak in kcm_sendmsg 2021-06-03 14:13:26 -07:00
key
l2tp l2tp: Fix spelling mistakes 2021-06-07 14:08:30 -07:00
l3mdev l3mdev: Correct function names in the kerneldoc comments 2021-03-28 17:56:55 -07:00
lapb net: lapb: Use list_for_each_entry() to simplify code in lapb_iface.c 2021-06-08 16:31:25 -07:00
llc llc2: Remove redundant assignment to rc 2021-04-27 14:16:14 -07:00
mac80211 mac80211: extend protection against mixed key and fragment cache attacks 2021-05-11 20:14:50 +02:00
mac802154 net: mac802154: Fix general protection fault 2021-04-06 22:42:16 +02:00
mpls mpls: Remove redundant assignment to err 2021-04-27 14:17:00 -07:00
mptcp Merge ra.kernel.org:/pub/scm/linux/kernel/git/netdev/net 2021-06-07 13:01:52 -07:00
ncsi net/ncsi: Fix spelling mistakes 2021-06-07 14:08:30 -07:00
netfilter Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next 2021-06-09 14:50:35 -07:00
netlabel netlabel: Fix spelling mistakes 2021-06-07 14:08:30 -07:00
netlink netlink: disable IRQs for netlink_lock_table() 2021-05-17 15:31:03 -07:00
netrom net: netrom: nr_in: Remove redundant assignment to ns 2021-04-28 13:59:08 -07:00
nfc Merge ra.kernel.org:/pub/scm/linux/kernel/git/netdev/net 2021-06-07 13:01:52 -07:00
nsh
openvswitch Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2021-05-27 09:55:10 -07:00
packet Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2021-05-27 09:55:10 -07:00
phonet
psample
qrtr net: qrtr: ns: Fix error return code in qrtr_ns_init() 2021-05-19 13:14:35 -07:00
rds rds: Fix spelling mistakes 2021-05-31 22:45:05 -07:00
rfkill Another set of updates, all over the map: 2021-04-20 16:44:04 -07:00
rose
rxrpc rxrpc: Fix a typo 2021-06-02 14:01:55 -07:00
sched net/sched: cls_flower: Remove match on n_proto 2021-06-15 10:26:51 -07:00
sctp sctp: sm_statefuns: Fix spelling mistakes 2021-05-31 22:45:15 -07:00
smc net/smc: no need to flush smcd_dev's event_wq before destroying it 2021-06-03 13:54:49 -07:00
strparser
sunrpc NFS client updates for Linux 5.13 2021-05-07 11:23:41 -07:00
switchdev
tipc tipc:subscr.c: fix a spelling mistake 2021-06-10 13:48:43 -07:00
tls skbuff: add a parameter to __skb_frag_unref 2021-06-07 14:11:47 -07:00
unix af_unix: remove the repeated word "and" 2021-06-10 13:46:38 -07:00
vmw_vsock vsock/loopback: enable SEQPACKET for transport 2021-06-11 13:32:47 -07:00
wireless cfg80211: mitigate A-MSDU aggregation attacks 2021-05-11 20:13:13 +02:00
x25 net: x25: Use list_for_each_entry() to simplify code in x25_route.c 2021-06-10 14:08:09 -07:00
xdp xsk: Fix for xp_aligned_validate_desc() when len == chunk_size 2021-05-04 00:28:06 +02:00
xfrm xfrm: ipcomp: remove unnecessary get_cpu() 2021-04-19 12:49:29 +02:00
compat.c net: Return the correct errno code 2021-06-03 15:13:56 -07:00
devres.c net: devres: Correct a grammatical error 2021-06-11 12:55:28 -07:00
Kconfig bpf, kconfig: Add consolidated menu entry for bpf with core options 2021-05-11 13:56:16 -07:00
Makefile
socket.c net: Fix a misspell in socket.c 2021-03-25 16:56:27 -07:00
sysctl_net.c net: Ensure net namespace isolation of sysctls 2021-04-12 13:27:11 -07:00