Hi Eric, > -----Original Message----- > From: Eric Dumazet [mailto:eric.duma...@gmail.com] > Sent: Tuesday, August 15, 2017 14:59 > To: Ilya Lesokhin <il...@mellanox.com> > Cc: netdev@vger.kernel.org; da...@davemloft.net; davejwat...@fb.com; > Aviad Yehezkel <avia...@mellanox.com>; Boris Pismenny > <bor...@mellanox.com> > Subject: Re: [PATCH v2 net-next 1/3] ipv6: Prevent unexpected sk->sk_prot > changes > > On Tue, 2017-08-15 at 14:08 +0300, Ilya Lesokhin wrote: > > With this patch IPV6 code ensure that only sockets with the > > expected sk->sk_prot are converted to IPV4. > > > > Signed-off-by: Boris Pismenny <bor...@mellanox.com> > > --- > > net/ipv6/ipv6_sockglue.c | 12 ++++++++++++ > > 1 file changed, 12 insertions(+) > > > > diff --git a/net/ipv6/ipv6_sockglue.c b/net/ipv6/ipv6_sockglue.c > > index 02d795f..318cd344 100644 > > --- a/net/ipv6/ipv6_sockglue.c > > +++ b/net/ipv6/ipv6_sockglue.c > > @@ -174,6 +174,7 @@ static int do_ipv6_setsockopt(struct sock *sk, int > level, int optname, > > if (val == PF_INET) { > > struct ipv6_txoptions *opt; > > struct sk_buff *pktopt; > > + struct proto *expected_prot; > > > > if (sk->sk_type == SOCK_RAW) > > break; > > @@ -199,6 +200,17 @@ static int do_ipv6_setsockopt(struct sock *sk, int > level, int optname, > > break; > > } > > > > + if (sk->sk_protocol == IPPROTO_TCP && > > + sk->sk_prot != &tcpv6_prot) > > + break; > > + > > + expected_prot = &udpv6_prot; > > + if (sk->sk_protocol == IPPROTO_UDPLITE) > > + expected_prot = &udplitev6_prot; > > + > > + if (sk->sk_prot != expected_prot) > > + break; > > + > > fl6_free_socklist(sk); > > __ipv6_sock_mc_close(sk); > > > > I am afraid I do not understand this patch at all. > > Direct references to tcpv6_prot, udpv6_prot, and udplitev6_prot in > net/ipv6/ipv6_sockglue.c looks completely broken. > > Please provide something cleaner, maybe by adding a new method > (implementation would then be provided in TCP / UDP code ) > >
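Review bot: In the second hunk the TCP check and the UDP/UDPLITE check are not mutually exclusive, so a TCP socket whose sk_prot is still &tcpv6_prot passes the first test, then reaches `expected_prot = &udpv6_prot;` and fails `if (sk->sk_prot != expected_prot)`. As written, every TCP socket takes the `break` and is never converted. Choose expected_prot per protocol instead (set it to &tcpv6_prot when sk->sk_protocol == IPPROTO_TCP, &udplitev6_prot for IPPROTO_UDPLITE, &udpv6_prot otherwise) and do a single comparison against sk->sk_prot.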
The IPV6_ADDRFORM socket option assumes that when (sk->sk_protocol == IPPROTO_TCP) then the sk_prot is set to tcpv6_prot, and it replaces it with tcp_prot. This patch ensures that the IPV6_ADDRFORM socket option doesn't replace the socket's sk_prot with tcp when it is not expected. For example, TLS sockets also replace sk_prot, and we need to prevent IPV6_ADDRFORM from overriding these.

Are you suggesting that each socket protocol will provide a method that converts it from IPv6 to IPv4?