ioam6: improve checks on user data
This patch improves two checks on user data. The first one prevents bit 23 from being set, as specified by RFC 9197 (Sec 4.4.1): Bit 23 Reserved; MUST be set to zero upon transmission and be ignored upon receipt. This bit is reserved to allow for future extensions of the IOAM Trace-Type bit field. The second one checks that the tunnel destination address != IPV6_ADDR_ANY, just like we already do for the tunnel source address. Signed-off-by: Justin Iurman <justin.iurman@uliege.be> Link: https://patch.msgid.link/20240830191919.51439-1-justin.iurman@uliege.be Signed-off-by: Jakub Kicinski <kuba@kernel.org>
This commit is contained in:
parent
54f1a107bd
commit
1a5c486300
@ -89,7 +89,7 @@ static bool ioam6_validate_trace_hdr(struct ioam6_trace_hdr *trace)
|
||||
trace->type.bit12 | trace->type.bit13 | trace->type.bit14 |
|
||||
trace->type.bit15 | trace->type.bit16 | trace->type.bit17 |
|
||||
trace->type.bit18 | trace->type.bit19 | trace->type.bit20 |
|
||||
trace->type.bit21)
|
||||
trace->type.bit21 | trace->type.bit23)
|
||||
return false;
|
||||
|
||||
trace->nodelen = 0;
|
||||
@ -199,9 +199,17 @@ static int ioam6_build_state(struct net *net, struct nlattr *nla,
|
||||
}
|
||||
}
|
||||
|
||||
if (tb[IOAM6_IPTUNNEL_DST])
|
||||
if (tb[IOAM6_IPTUNNEL_DST]) {
|
||||
ilwt->tundst = nla_get_in6_addr(tb[IOAM6_IPTUNNEL_DST]);
|
||||
|
||||
if (ipv6_addr_any(&ilwt->tundst)) {
|
||||
NL_SET_ERR_MSG_ATTR(extack, tb[IOAM6_IPTUNNEL_DST],
|
||||
"invalid tunnel dest address");
|
||||
err = -EINVAL;
|
||||
goto free_cache;
|
||||
}
|
||||
}
|
||||
|
||||
tuninfo = ioam6_lwt_info(lwt);
|
||||
tuninfo->eh.hdrlen = ((sizeof(*tuninfo) + len_aligned) >> 3) - 1;
|
||||
tuninfo->pad[0] = IPV6_TLV_PADN;
|
||||
|
Loading…
Reference in New Issue
Block a user