bpf: clat: fix error handling for IPv6 packets

There are 3 possible results from clat_translate_v6():

 1. the packet didn't match the CLAT IPv6 address and must be
    accepted;

 2. the packet matches but it is invalid and so it must be dropped;

 3. the packet matches and it is valid; clat_handle_v6() should
    translate the packet to IPv4.

Before, the function returned TC_ACT_SHOT for both 2 and 3. Therefore,
clat_handle_v6() also tried to rewrite invalid packets.

Fix that by returning TC_ACT_UNSPEC for valid packets, meaning that
there isn't a final verdict yet.
Beniamino Galvani 2025-10-03 16:58:39 +02:00
parent 25158ac7e6
commit 1aa9bc1f5e

@ -637,6 +637,7 @@ icmp_out:
*dst_hdr_out = dst_hdr;
ret = TC_ACT_UNSPEC;
out:
return ret;
}
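Review bot: the `ret = TC_ACT_UNSPEC;` assignment just before the `out:` label gives a tc verdict code a second, function-private meaning (matched and valid, keep translating), and nothing in these lines documents it. A comment above clat_translate_v6() listing the three results from the commit message and the code each one maps to would keep a later caller from handing this value back to the kernel as a final verdict. Only the fall-through from `icmp_out:` is visible here, so it is also worth confirming that every earlier `goto out` reaches the label with `ret` already set to the verdict intended for that case.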
@ -656,10 +657,12 @@ clat_handle_v6(struct __sk_buff *skb, struct hdr_cursor *nh)
int ip_offset = (nh->pos - data) & 0x1fff;
ret = clat_translate_v6(skb, nh, data_end, &dst_hdr, 0);
if (ret != TC_ACT_SHOT) {
if (ret != TC_ACT_UNSPEC) {
goto out;
}
ret = TC_ACT_SHOT;
if (bpf_skb_change_proto(skb, bpf_htons(ETH_P_IP), 0))
goto out;
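Review bot: the `ret = TC_ACT_SHOT;` reset placed before `bpf_skb_change_proto()` is what makes every later `goto out` drop the packet, yet it carries no comment and reads like a leftover. Without it, a failure in that call would leave `ret` at TC_ACT_UNSPEC and the packet would leave the function without a drop verdict. A one-line comment stating that any failure from this point on drops the packet would make the intent explicit. The `if (ret != TC_ACT_UNSPEC)` check above it now passes through whatever clat_translate_v6() returned for the other two cases, so it depends on that function never using TC_ACT_UNSPEC for anything except a valid match.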