On 17-05-05 08:47 AM, Simon Horman wrote:
Return an error from __skb_flow_dissect() if insufficient packet data is
present when dissecting layer 4 ports.

Without this patch the absence of ports in truncated - e.g. UDP - packets
is treated the same way by the flow dissector as the presence of ports with
a value of zero. And without this patch the flower classifier is unable to
differentiate between these two cases which may lead to unexpected matching
of truncated packets.

With this patch the flow dissector and in turn the flower classifier can
differentiate between packets with zero L4 ports and truncated packets.

The approach taken here is to only return an error if the offset of ports
for the previously dissected IP protocol is known - a non error return from
proto_ports_offset() - but port data is not present in the packet - an
error return value from __skb_header_pointer().

The behaviour for callers of __skb_flow_get_ports() is changed but the only
callers are skb_flow_get_ports() and the flow dissector.  The former has
been updated so that its behaviour is unchanged.  Behavioural change of the
latter is the intended purpose of this patch but will only take effect with
a separate patch to have it refuse to match if dissection fails.

This change will lead to behavioural changes of the users of the dissector
with FLOW_DISSECTOR_KEY_PORTS - flower, and users of
flow_keys_dissector_keys[] and flow_keys_dissector_symmetric_keys[].  The
behavioural changes for *_keys[] seem reasonable as the change
should only be for truncated packets.

Signed-off-by: Simon Horman <simon.hor...@netronome.com>
Reviewed-by: Benjamin LaHaise <benjamin.laha...@netronome.com>

Reviewed-by: Jamal Hadi Salim <j...@mojatatu.com>

cheers,
jamal
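
A userspace model of the distinction the commit message above describes, added here as an illustration; it is not code from the patch or from the kernel. The function names, the result codes and the sample UDP header are assumptions, with model_ports_offset() standing in for proto_ports_offset() and the length check standing in for __skb_header_pointer().

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Userspace model; names and return codes are illustrative, not the kernel's. */
enum { PROTO_ICMP = 1, PROTO_TCP = 6, PROTO_UDP = 17 };
enum dissect_result { DISSECT_OK, DISSECT_NO_PORTS, DISSECT_TRUNCATED };

/* Constructed sample: an 8-byte UDP header with source and destination port 0. */
static const uint8_t udp_zero_ports[8] = { 0, 0, 0, 0, 0, 8, 0, 0 };

/* Stand-in for proto_ports_offset(): port offset in the L4 header, or -1. */
static int model_ports_offset(uint8_t ip_proto)
{
    return (ip_proto == PROTO_TCP || ip_proto == PROTO_UDP) ? 0 : -1;
}

/* Behaviour before the patch: missing port bytes read back as ports == 0. */
static uint32_t get_ports_old(const uint8_t *l4, size_t len, uint8_t ip_proto)
{
    uint32_t ports = 0;
    int off = model_ports_offset(ip_proto);

    if (off >= 0 && (size_t)off + sizeof(ports) <= len)
        memcpy(&ports, l4 + off, sizeof(ports));
    return ports;
}

/* Described behaviour: fail only if the offset is known but the bytes are absent. */
static enum dissect_result get_ports_new(const uint8_t *l4, size_t len,
                                         uint8_t ip_proto, uint32_t *ports)
{
    int off = model_ports_offset(ip_proto);

    *ports = 0;
    if (off < 0)
        return DISSECT_NO_PORTS;   /* protocol carries no ports: not an error */
    if ((size_t)off + sizeof(*ports) > len)
        return DISSECT_TRUNCATED;  /* ports expected but cut off */
    memcpy(ports, l4 + off, sizeof(*ports));
    return DISSECT_OK;
}

int main(void)
{
    uint32_t p;

    /* Full header versus the same header truncated to 2 bytes. */
    printf("old: full=%u truncated=%u\n",
           (unsigned)get_ports_old(udp_zero_ports, 8, PROTO_UDP),
           (unsigned)get_ports_old(udp_zero_ports, 2, PROTO_UDP));
    printf("new: full=%d ", get_ports_new(udp_zero_ports, 8, PROTO_UDP, &p));
    printf("truncated=%d\n", get_ports_new(udp_zero_ports, 2, PROTO_UDP, &p));
    return 0;
}
```

A classifier built on the old function sees the same key for both inputs, which is the unexpected match on truncated packets that the message refers to.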
