From dc594ecd4185831031d3fef2853ee76908428107 Mon Sep 17 00:00:00 2001 From: Or Gerlitz Date: Thu, 22 Dec 2016 14:28:14 +0200 Subject: net/sched: act_tunnel_key: Fix setting UDP dst port in metadata under IPv6 The UDP dst port was provided to the helper function which sets the IPv6 IP tunnel meta-data under a wrong param order, fix that. Fixes: 75bfbca01e48 ('net/sched: act_tunnel_key: Add UDP dst port option') Signed-off-by: Or Gerlitz Reviewed-by: Hadar Hen Zion Signed-off-by: David S. Miller --- net/sched/act_tunnel_key.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'net') diff --git a/net/sched/act_tunnel_key.c b/net/sched/act_tunnel_key.c index 7af712526f01..e3a58e021198 100644 --- a/net/sched/act_tunnel_key.c +++ b/net/sched/act_tunnel_key.c @@ -134,8 +134,8 @@ static int tunnel_key_init(struct net *net, struct nlattr *nla, saddr = nla_get_in6_addr(tb[TCA_TUNNEL_KEY_ENC_IPV6_SRC]); daddr = nla_get_in6_addr(tb[TCA_TUNNEL_KEY_ENC_IPV6_DST]); - metadata = __ipv6_tun_set_dst(&saddr, &daddr, 0, 0, 0, - dst_port, TUNNEL_KEY, + metadata = __ipv6_tun_set_dst(&saddr, &daddr, 0, 0, dst_port, + 0, TUNNEL_KEY, key_id, 0); } -- cgit v1.2.3-58-ga151 From d9724772e69cb8076231202292665ca74eec13e1 Mon Sep 17 00:00:00 2001 From: Or Gerlitz Date: Thu, 22 Dec 2016 14:28:15 +0200 Subject: net/sched: cls_flower: Mandate mask when matching on flags When matching on flags, we should require the user to provide the mask and avoid using an all-ones mask. Not doing so causes matching on flags provided w.o mask to hit on the value being unset for all flags, which may not what the user wanted to happen. Fixes: faa3ffce7829 ('net/sched: cls_flower: Add support for matching on flags') Signed-off-by: Or Gerlitz Reported-by: Paul Blakey Acked-by: Jiri Pirko Signed-off-by: David S. Miller --- net/sched/cls_flower.c | 23 ++++++++++++----------- 1 file changed, 12 insertions(+), 11 deletions(-) (limited to 'net') diff --git a/net/sched/cls_flower.c b/net/sched/cls_flower.c index 35ac28d0720c..333f8e268431 100644 --- a/net/sched/cls_flower.c +++ b/net/sched/cls_flower.c @@ -442,32 +442,32 @@ static void fl_set_key_flag(u32 flower_key, u32 flower_mask, } } -static void fl_set_key_flags(struct nlattr **tb, - u32 *flags_key, u32 *flags_mask) +static int fl_set_key_flags(struct nlattr **tb, + u32 *flags_key, u32 *flags_mask) { u32 key, mask; - if (!tb[TCA_FLOWER_KEY_FLAGS]) - return; + /* mask is mandatory for flags */ + if (!tb[TCA_FLOWER_KEY_FLAGS_MASK]) + return -EINVAL; key = be32_to_cpu(nla_get_u32(tb[TCA_FLOWER_KEY_FLAGS])); - - if (!tb[TCA_FLOWER_KEY_FLAGS_MASK]) - mask = ~0; - else - mask = be32_to_cpu(nla_get_u32(tb[TCA_FLOWER_KEY_FLAGS_MASK])); + mask = be32_to_cpu(nla_get_u32(tb[TCA_FLOWER_KEY_FLAGS_MASK])); *flags_key = 0; *flags_mask = 0; fl_set_key_flag(key, mask, flags_key, flags_mask, TCA_FLOWER_KEY_FLAGS_IS_FRAGMENT, FLOW_DIS_IS_FRAGMENT); + + return 0; } static int fl_set_key(struct net *net, struct nlattr **tb, struct fl_flow_key *key, struct fl_flow_key *mask) { __be16 ethertype; + int ret = 0; #ifdef CONFIG_NET_CLS_IND if (tb[TCA_FLOWER_INDEV]) { int err = tcf_change_indev(net, tb[TCA_FLOWER_INDEV]); @@ -614,9 +614,10 @@ static int fl_set_key(struct net *net, struct nlattr **tb, &mask->enc_tp.dst, TCA_FLOWER_KEY_ENC_UDP_DST_PORT_MASK, sizeof(key->enc_tp.dst)); - fl_set_key_flags(tb, &key->control.flags, &mask->control.flags); + if (tb[TCA_FLOWER_KEY_FLAGS]) + ret = fl_set_key_flags(tb, &key->control.flags, &mask->control.flags); - return 0; + return ret; } static bool fl_mask_eq(struct fl_flow_mask *mask1, -- cgit v1.2.3-58-ga151