releases/4.14.117/ipv4-ip_do_fragment-preserve-skb_iif-during-fragmentation.patch

   1 From foo@baz Sat 04 May 2019 11:25:56 AM CEST
   2 From: Shmulik Ladkani <shmulik@metanetworks.com>
   3 Date: Mon, 29 Apr 2019 16:39:30 +0300
   4 Subject: ipv4: ip_do_fragment: Preserve skb_iif during fragmentation
   5
   6 From: Shmulik Ladkani <shmulik@metanetworks.com>
   7
   8 [ Upstream commit d2f0c961148f65bc73eda72b9fa3a4e80973cb49 ]
   9
  10 Previously, during fragmentation after forwarding, skb->skb_iif isn't
  11 preserved, i.e. 'ip_copy_metadata' does not copy skb_iif from given
  12 'from' skb.
  13
  14 As a result, ip_do_fragment's creates fragments with zero skb_iif,
  15 leading to inconsistent behavior.
  16
  17 Assume for example an eBPF program attached at tc egress (post
  18 forwarding) that examines __sk_buff->ingress_ifindex:
  19  - the correct iif is observed if forwarding path does not involve
  20    fragmentation/refragmentation
  21  - a bogus iif is observed if forwarding path involves
  22    fragmentation/refragmentatiom
  23
  24 Fix, by preserving skb_iif during 'ip_copy_metadata'.
  25
  26 Signed-off-by: Shmulik Ladkani <shmulik.ladkani@gmail.com>
  27 Signed-off-by: David S. Miller <davem@davemloft.net>
  28 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  29 ---
  30  net/ipv4/ip_output.c |    1 +
  31  1 file changed, 1 insertion(+)
  32
  33 --- a/net/ipv4/ip_output.c
  34 +++ b/net/ipv4/ip_output.c
  35 @@ -518,6 +518,7 @@ static void ip_copy_metadata(struct sk_b
  36         to->pkt_type = from->pkt_type;
  37         to->priority = from->priority;
  38         to->protocol = from->protocol;
  39 +       to->skb_iif = from->skb_iif;
  40         skb_dst_drop(to);
  41         skb_dst_copy(to, from);
  42         to->dev = from->dev;