vxlan: check valid combinations of address scopes

* Multicast addresses are never valid as local address
* Link-local IPv6 unicast addresses may only be used as remote when the
  local address is link-local as well
* Don't allow link-local IPv6 local/remote addresses without interface

We also store in the flags field if link-local addresses are used for the
follow-up patches that actually make VXLAN over link-local IPv6 work.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Signed-off-by: David S. Miller <davem@davemloft.net>

diff --git a/drivers/net/vxlan.c b/drivers/net/vxlan.c
index 00680cc597ac4200637bf84298662d29991c1e42..d6d57317cbd5b295b4ba3844a61ebf675499cbd9 100644 (file)
--- a/drivers/net/vxlan.c
+++ b/drivers/net/vxlan.c
@@ -2907,11 +2907,35 @@ static int vxlan_config_validate(struct net *src_net, struct vxlan_config *conf,
        if (conf->saddr.sa.sa_family != conf->remote_ip.sa.sa_family)
                return -EINVAL;
 
+       if (vxlan_addr_multicast(&conf->saddr))
+               return -EINVAL;
+
        if (conf->saddr.sa.sa_family == AF_INET6) {
                if (!IS_ENABLED(CONFIG_IPV6))
                        return -EPFNOSUPPORT;
                use_ipv6 = true;
                conf->flags |= VXLAN_F_IPV6;
+
+               if (!(conf->flags & VXLAN_F_COLLECT_METADATA)) {
+                       int local_type =
+                               ipv6_addr_type(&conf->saddr.sin6.sin6_addr);
+                       int remote_type =
+                               ipv6_addr_type(&conf->remote_ip.sin6.sin6_addr);
+
+                       if (local_type & IPV6_ADDR_LINKLOCAL) {
+                               if (!(remote_type & IPV6_ADDR_LINKLOCAL) &&
+                                   (remote_type != IPV6_ADDR_ANY))
+                                       return -EINVAL;
+
+                               conf->flags |= VXLAN_F_IPV6_LINKLOCAL;
+                       } else {
+                               if (remote_type ==
+                                   (IPV6_ADDR_UNICAST | IPV6_ADDR_LINKLOCAL))
+                                       return -EINVAL;
+
+                               conf->flags &= ~VXLAN_F_IPV6_LINKLOCAL;
+                       }
+               }
        }
 
        if (conf->label && !use_ipv6)
@@ -2937,6 +2961,11 @@ static int vxlan_config_validate(struct net *src_net, struct vxlan_config *conf,
                if (vxlan_addr_multicast(&conf->remote_ip))
                        return -EINVAL;
 
+#if IS_ENABLED(CONFIG_IPV6)
+               if (conf->flags & VXLAN_F_IPV6_LINKLOCAL)
+                       return -EINVAL;
+#endif
+
                *lower = NULL;
        }
 

diff --git a/include/net/vxlan.h b/include/net/vxlan.h
index 479bb75789ea595093b367104c75fbd920490c68..b816a0a6686e2b93527d3bf0dac5b3dd56380150 100644 (file)
--- a/include/net/vxlan.h
+++ b/include/net/vxlan.h
@@ -258,6 +258,7 @@ struct vxlan_dev {
 #define VXLAN_F_REMCSUM_NOPARTIAL      0x1000
 #define VXLAN_F_COLLECT_METADATA       0x2000
 #define VXLAN_F_GPE                    0x4000
+#define VXLAN_F_IPV6_LINKLOCAL         0x8000
 
 /* Flags that are used in the receive path. These flags must match in
  * order for a socket to be shareable
@@ -272,6 +273,7 @@ struct vxlan_dev {
 /* Flags that can be set together with VXLAN_F_GPE. */
 #define VXLAN_F_ALLOWED_GPE            (VXLAN_F_GPE |                  \
                                         VXLAN_F_IPV6 |                 \
+                                        VXLAN_F_IPV6_LINKLOCAL |       \
                                         VXLAN_F_UDP_ZERO_CSUM_TX |     \
                                         VXLAN_F_UDP_ZERO_CSUM6_TX |    \
                                         VXLAN_F_UDP_ZERO_CSUM6_RX |    \