ipv6: Don't increase IPSTATS_MIB_FRAGFAILS twice in ip6_fragment()
authorStefano Brivio <sbrivio@redhat.com>
Mon, 24 Jul 2017 21:14:28 +0000 (23:14 +0200)
committerDavid S. Miller <davem@davemloft.net>
Wed, 26 Jul 2017 04:17:10 +0000 (21:17 -0700)
RFC 2465 defines ipv6IfStatsOutFragFails as:

"The number of IPv6 datagrams that have been discarded
 because they needed to be fragmented at this output
 interface but could not be."

The existing implementation, instead, would increase the counter
twice in case we fail to allocate room for single fragments:
once for the fragment, once for the datagram.

This didn't look intentional though. In one of the two affected
affected failure paths, the double increase was simply a result
of a new 'goto fail' statement, introduced to avoid a skb leak.
The other path appears to be affected since at least 2.6.12-rc2.

Reported-by: Sabrina Dubroca <sdubroca@redhat.com>
Fixes: 1d325d217c7f ("ipv6: ip6_fragment: fix headroom tests and skb leak")
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
net/ipv6/ip6_output.c

index 1422d6c083773549d667dc88ffe07d447d5c8e97..162efba0d0cd851848363588318cf6ade4a5a62c 100644 (file)
@@ -673,8 +673,6 @@ int ip6_fragment(struct net *net, struct sock *sk, struct sk_buff *skb,
                *prevhdr = NEXTHDR_FRAGMENT;
                tmp_hdr = kmemdup(skb_network_header(skb), hlen, GFP_ATOMIC);
                if (!tmp_hdr) {
-                       IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)),
-                                     IPSTATS_MIB_FRAGFAILS);
                        err = -ENOMEM;
                        goto fail;
                }
@@ -789,8 +787,6 @@ slow_path:
                frag = alloc_skb(len + hlen + sizeof(struct frag_hdr) +
                                 hroom + troom, GFP_ATOMIC);
                if (!frag) {
-                       IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)),
-                                     IPSTATS_MIB_FRAGFAILS);
                        err = -ENOMEM;
                        goto fail;
                }