kernel: backport fix for missing tunnel encapsulation limit option
authorHans Dedecker <dedeckeh@gmail.com>
Thu, 21 Jun 2018 20:09:12 +0000 (22:09 +0200)
committerHans Dedecker <dedeckeh@gmail.com>
Thu, 21 Jun 2018 20:10:06 +0000 (22:10 +0200)
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
target/linux/generic/backport-4.9/094-v4.12-0001-ip6_tunnel-Fix-missing-tunnel-encapsulation-limit-op.patch [new file with mode: 0644]
target/linux/generic/backport-4.9/094-v4.12-0002-ipv6-Need-to-export-ipv6_push_frag_opts-for-tunnelin.patch [new file with mode: 0644]

diff --git a/target/linux/generic/backport-4.9/094-v4.12-0001-ip6_tunnel-Fix-missing-tunnel-encapsulation-limit-op.patch b/target/linux/generic/backport-4.9/094-v4.12-0001-ip6_tunnel-Fix-missing-tunnel-encapsulation-limit-op.patch
new file mode 100644 (file)
index 0000000..0ccbacf
--- /dev/null
@@ -0,0 +1,50 @@
+From 89a23c8b528bd2c89f3981573d6cd7d23840c8a6 Mon Sep 17 00:00:00 2001
+From: Craig Gallek <cgallek@google.com>
+Date: Wed, 26 Apr 2017 14:37:45 -0400
+Subject: [PATCH] ip6_tunnel: Fix missing tunnel encapsulation limit option
+
+The IPv6 tunneling code tries to insert IPV6_TLV_TNL_ENCAP_LIMIT and
+IPV6_TLV_PADN options when an encapsulation limit is defined (the
+default is a limit of 4).  An MTU adjustment is done to account for
+these options as well.  However, the options are never present in the
+generated packets.
+
+The issue appears to be a subtlety between IPV6_DSTOPTS and
+IPV6_RTHDRDSTOPTS defined in RFC 3542.  When the IPIP tunnel driver was
+written, the encap limit options were included as IPV6_RTHDRDSTOPTS in
+dst0opt of struct ipv6_txoptions.  Later, ipv6_push_nfrags_opts was
+(correctly) updated to require IPV6_RTHDR options when IPV6_RTHDRDSTOPTS
+are to be used.  This caused the options to no longer be included in v6
+encapsulated packets.
+
+The fix is to use IPV6_DSTOPTS (in dst1opt of struct ipv6_txoptions)
+instead.  IPV6_DSTOPTS do not have the additional IPV6_RTHDR requirement.
+
+Fixes: 1df64a8569c7: ("[IPV6]: Add ip6ip6 tunnel driver.")
+Fixes: 333fad5364d6: ("[IPV6]: Support several new sockopt / ancillary data in Advanced API (RFC3542)")
+Signed-off-by: Craig Gallek <kraig@google.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+---
+ net/ipv6/ip6_tunnel.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/net/ipv6/ip6_tunnel.c
++++ b/net/ipv6/ip6_tunnel.c
+@@ -957,7 +957,7 @@ static void init_tel_txopt(struct ipv6_t
+       opt->dst_opt[5] = IPV6_TLV_PADN;
+       opt->dst_opt[6] = 1;
+-      opt->ops.dst0opt = (struct ipv6_opt_hdr *) opt->dst_opt;
++      opt->ops.dst1opt = (struct ipv6_opt_hdr *) opt->dst_opt;
+       opt->ops.opt_nflen = 8;
+ }
+@@ -1191,7 +1191,7 @@ route_lookup:
+       if (encap_limit >= 0) {
+               init_tel_txopt(&opt, encap_limit);
+-              ipv6_push_nfrag_opts(skb, &opt.ops, &proto, NULL);
++              ipv6_push_frag_opts(skb, &opt.ops, &proto);
+       }
+       /* Calculate max headroom for all the headers and adjust
diff --git a/target/linux/generic/backport-4.9/094-v4.12-0002-ipv6-Need-to-export-ipv6_push_frag_opts-for-tunnelin.patch b/target/linux/generic/backport-4.9/094-v4.12-0002-ipv6-Need-to-export-ipv6_push_frag_opts-for-tunnelin.patch
new file mode 100644 (file)
index 0000000..d102e7b
--- /dev/null
@@ -0,0 +1,31 @@
+From 5b8481fa42ac58484d633b558579e302aead64c1 Mon Sep 17 00:00:00 2001
+From: "David S. Miller" <davem@davemloft.net>
+Date: Mon, 1 May 2017 15:10:20 -0400
+Subject: [PATCH] ipv6: Need to export ipv6_push_frag_opts for tunneling now.
+
+Since that change also made the nfrag function not necessary
+for exports, remove it.
+
+Fixes: 89a23c8b528b ("ip6_tunnel: Fix missing tunnel encapsulation limit option")
+Signed-off-by: David S. Miller <davem@davemloft.net>
+---
+ net/ipv6/exthdrs.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/net/ipv6/exthdrs.c
++++ b/net/ipv6/exthdrs.c
+@@ -729,13 +729,13 @@ void ipv6_push_nfrag_opts(struct sk_buff
+       if (opt->hopopt)
+               ipv6_push_exthdr(skb, proto, NEXTHDR_HOP, opt->hopopt);
+ }
+-EXPORT_SYMBOL(ipv6_push_nfrag_opts);
+ void ipv6_push_frag_opts(struct sk_buff *skb, struct ipv6_txoptions *opt, u8 *proto)
+ {
+       if (opt->dst1opt)
+               ipv6_push_exthdr(skb, proto, NEXTHDR_DEST, opt->dst1opt);
+ }
++EXPORT_SYMBOL(ipv6_push_frag_opts);
+ struct ipv6_txoptions *
+ ipv6_dup_options(struct sock *sk, struct ipv6_txoptions *opt)