The ip header checksum can be error in the following steps.
$ ip netns add ns1
$ ip link add gw link eth0 type ipvlan
$ ip addr add 168.16.0.1/24 dev gw
$ ip link set dev gw up
$ ip link add ip1 link eth0 type ipvlan
$ ip link set ip1 netns ns1
$ ip netns exec ns1 ip link set ip1 up
$ ip netns exec ns1 ip addr add 168.16.0.2/24 dev ip1
$ ip netns exec ns1 tc qdisc add dev ip1 root netem corrupt 50%
$ ip netns exec ns1 ping 168.16.0.1
The ip header of a packet maybe modified when it steps in
ipvlan_process_v4_outbound because of the netem, the corruptted
packets should be dropped.
Here I add the check of ip header to drop the corruptted packets
and to avoid a problem in some cases.
Signed-off-by: guodeqing <geffrey....@huawei.com>
---
drivers/net/ipvlan/ipvlan_core.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/drivers/net/ipvlan/ipvlan_core.c b/drivers/net/ipvlan/ipvlan_core.c
index 8801d09..22cef89 100644
--- a/drivers/net/ipvlan/ipvlan_core.c
+++ b/drivers/net/ipvlan/ipvlan_core.c
@@ -428,6 +428,12 @@ static int ipvlan_process_v4_outbound(struct sk_buff *skb)
.saddr = ip4h->saddr,
};
+ if (ip4h->ihl < 5)
+ goto err;
+
+ if (unlikely(ip_fast_csum((u8 *)ip4h, ip4h->ihl)))
+ goto err;
+
rt = ip_route_output_flow(net, &fl4, NULL);
if (IS_ERR(rt))
goto err;
--
2.7.4
