fou: reject IPv6 config
authorJiri Benc <jbenc@redhat.com>
Fri, 28 Aug 2015 18:48:21 +0000 (20:48 +0200)
committerDavid S. Miller <davem@davemloft.net>
Sat, 29 Aug 2015 20:07:54 +0000 (13:07 -0700)
fou does not really support IPv6 encapsulation. After an UDP socket is
created in fou_create, the encap_rcv callback is set either to fou_udp_recv
or to gue_udp_recv. Both of those unconditionally assume that the received
packet has an IPv4 header and access the data at network_header as it was an
IPv4 header. This leads to IPv6 flow label being interpreted as IP packet
length, etc.

Disallow fou tunnel to be configured as IPv6 until real IPv6 support is
added to fou.

CC: Tom Herbert <tom@herbertland.com>
Signed-off-by: Jiri Benc <jbenc@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
net/ipv4/fou.c

index 2d1646cff0572054cc2982b764d817094c002146..e0fcbbbcfe54d0b35b46597b5f217075ffbc745c 100644 (file)
@@ -566,7 +566,7 @@ static int parse_nl_config(struct genl_info *info,
        if (info->attrs[FOU_ATTR_AF]) {
                u8 family = nla_get_u8(info->attrs[FOU_ATTR_AF]);
 
-               if (family != AF_INET && family != AF_INET6)
+               if (family != AF_INET)
                        return -EINVAL;
 
                cfg->udp_config.family = family;