ipv6: sr: allow SRH insertion with arbitrary segments_left value
authorDavid Lebrun <david.lebrun@uclouvain.be>
Sat, 5 Aug 2017 10:38:24 +0000 (12:38 +0200)
committerDavid S. Miller <davem@davemloft.net>
Mon, 7 Aug 2017 21:16:21 +0000 (14:16 -0700)
The seg6_validate_srh() function only allows SRHs whose active segment is
the first segment of the path. However, an application may insert an SRH
whose active segment is not the first one. Such an application might be
for example an SR-aware Virtual Network Function.

This patch enables to insert SRHs with an arbitrary active segment.

Signed-off-by: David Lebrun <david.lebrun@uclouvain.be>
Signed-off-by: David S. Miller <davem@davemloft.net>
net/ipv6/exthdrs.c
net/ipv6/seg6.c

index 3cec529c61130f5f43b7d65c4f4cb4ca63d1bf98..95516138e861ccbe039e9938a0aa98d21865f953 100644 (file)
@@ -882,7 +882,7 @@ static void ipv6_push_rthdr4(struct sk_buff *skb, u8 *proto,
               (hops - 1) * sizeof(struct in6_addr));
 
        sr_phdr->segments[0] = **addr_p;
-       *addr_p = &sr_ihdr->segments[hops - 1];
+       *addr_p = &sr_ihdr->segments[sr_ihdr->segments_left];
 
 #ifdef CONFIG_IPV6_SEG6_HMAC
        if (sr_has_hmac(sr_phdr)) {
@@ -1174,7 +1174,7 @@ struct in6_addr *fl6_update_dst(struct flowi6 *fl6,
        {
                struct ipv6_sr_hdr *srh = (struct ipv6_sr_hdr *)opt->srcrt;
 
-               fl6->daddr = srh->segments[srh->first_segment];
+               fl6->daddr = srh->segments[srh->segments_left];
                break;
        }
        default:
index 15fba55e3da816424b3f68adf05a2989204ff667..81c2339b32855429763ca1c39239433819f4a37f 100644 (file)
@@ -40,7 +40,7 @@ bool seg6_validate_srh(struct ipv6_sr_hdr *srh, int len)
        if (((srh->hdrlen + 1) << 3) != len)
                return false;
 
-       if (srh->segments_left != srh->first_segment)
+       if (srh->segments_left > srh->first_segment)
                return false;
 
        tlv_offset = sizeof(*srh) + ((srh->first_segment + 1) << 4);