From 7f3121cf8a72490ee36edbcecf0adde8246867b5 Mon Sep 17 00:00:00 2001 From: Hans Dedecker Date: Thu, 21 Jun 2018 22:09:12 +0200 Subject: kernel: backport fix for missing tunnel encapsulation limit option Signed-off-by: Hans Dedecker --- ...Fix-missing-tunnel-encapsulation-limit-op.patch | 50 ++++++++++++++++++++++ ...o-export-ipv6_push_frag_opts-for-tunnelin.patch | 31 ++++++++++++++ 2 files changed, 81 insertions(+) create mode 100644 target/linux/generic/backport-4.9/094-v4.12-0001-ip6_tunnel-Fix-missing-tunnel-encapsulation-limit-op.patch create mode 100644 target/linux/generic/backport-4.9/094-v4.12-0002-ipv6-Need-to-export-ipv6_push_frag_opts-for-tunnelin.patch (limited to 'target/linux') diff --git a/target/linux/generic/backport-4.9/094-v4.12-0001-ip6_tunnel-Fix-missing-tunnel-encapsulation-limit-op.patch b/target/linux/generic/backport-4.9/094-v4.12-0001-ip6_tunnel-Fix-missing-tunnel-encapsulation-limit-op.patch new file mode 100644 index 0000000000..0ccbacf3d0 --- /dev/null +++ b/target/linux/generic/backport-4.9/094-v4.12-0001-ip6_tunnel-Fix-missing-tunnel-encapsulation-limit-op.patch @@ -0,0 +1,50 @@ +From 89a23c8b528bd2c89f3981573d6cd7d23840c8a6 Mon Sep 17 00:00:00 2001 +From: Craig Gallek +Date: Wed, 26 Apr 2017 14:37:45 -0400 +Subject: [PATCH] ip6_tunnel: Fix missing tunnel encapsulation limit option + +The IPv6 tunneling code tries to insert IPV6_TLV_TNL_ENCAP_LIMIT and +IPV6_TLV_PADN options when an encapsulation limit is defined (the +default is a limit of 4). An MTU adjustment is done to account for +these options as well. However, the options are never present in the +generated packets. + +The issue appears to be a subtlety between IPV6_DSTOPTS and +IPV6_RTHDRDSTOPTS defined in RFC 3542. When the IPIP tunnel driver was +written, the encap limit options were included as IPV6_RTHDRDSTOPTS in +dst0opt of struct ipv6_txoptions. Later, ipv6_push_nfrags_opts was +(correctly) updated to require IPV6_RTHDR options when IPV6_RTHDRDSTOPTS +are to be used. This caused the options to no longer be included in v6 +encapsulated packets. + +The fix is to use IPV6_DSTOPTS (in dst1opt of struct ipv6_txoptions) +instead. IPV6_DSTOPTS do not have the additional IPV6_RTHDR requirement. + +Fixes: 1df64a8569c7: ("[IPV6]: Add ip6ip6 tunnel driver.") +Fixes: 333fad5364d6: ("[IPV6]: Support several new sockopt / ancillary data in Advanced API (RFC3542)") +Signed-off-by: Craig Gallek +Signed-off-by: David S. Miller +--- + net/ipv6/ip6_tunnel.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/net/ipv6/ip6_tunnel.c ++++ b/net/ipv6/ip6_tunnel.c +@@ -957,7 +957,7 @@ static void init_tel_txopt(struct ipv6_t + opt->dst_opt[5] = IPV6_TLV_PADN; + opt->dst_opt[6] = 1; + +- opt->ops.dst0opt = (struct ipv6_opt_hdr *) opt->dst_opt; ++ opt->ops.dst1opt = (struct ipv6_opt_hdr *) opt->dst_opt; + opt->ops.opt_nflen = 8; + } + +@@ -1191,7 +1191,7 @@ route_lookup: + + if (encap_limit >= 0) { + init_tel_txopt(&opt, encap_limit); +- ipv6_push_nfrag_opts(skb, &opt.ops, &proto, NULL); ++ ipv6_push_frag_opts(skb, &opt.ops, &proto); + } + + /* Calculate max headroom for all the headers and adjust diff --git a/target/linux/generic/backport-4.9/094-v4.12-0002-ipv6-Need-to-export-ipv6_push_frag_opts-for-tunnelin.patch b/target/linux/generic/backport-4.9/094-v4.12-0002-ipv6-Need-to-export-ipv6_push_frag_opts-for-tunnelin.patch new file mode 100644 index 0000000000..d102e7bb85 --- /dev/null +++ b/target/linux/generic/backport-4.9/094-v4.12-0002-ipv6-Need-to-export-ipv6_push_frag_opts-for-tunnelin.patch @@ -0,0 +1,31 @@ +From 5b8481fa42ac58484d633b558579e302aead64c1 Mon Sep 17 00:00:00 2001 +From: "David S. Miller" +Date: Mon, 1 May 2017 15:10:20 -0400 +Subject: [PATCH] ipv6: Need to export ipv6_push_frag_opts for tunneling now. + +Since that change also made the nfrag function not necessary +for exports, remove it. + +Fixes: 89a23c8b528b ("ip6_tunnel: Fix missing tunnel encapsulation limit option") +Signed-off-by: David S. Miller +--- + net/ipv6/exthdrs.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/net/ipv6/exthdrs.c ++++ b/net/ipv6/exthdrs.c +@@ -729,13 +729,13 @@ void ipv6_push_nfrag_opts(struct sk_buff + if (opt->hopopt) + ipv6_push_exthdr(skb, proto, NEXTHDR_HOP, opt->hopopt); + } +-EXPORT_SYMBOL(ipv6_push_nfrag_opts); + + void ipv6_push_frag_opts(struct sk_buff *skb, struct ipv6_txoptions *opt, u8 *proto) + { + if (opt->dst1opt) + ipv6_push_exthdr(skb, proto, NEXTHDR_DEST, opt->dst1opt); + } ++EXPORT_SYMBOL(ipv6_push_frag_opts); + + struct ipv6_txoptions * + ipv6_dup_options(struct sock *sk, struct ipv6_txoptions *opt) -- cgit v1.2.3