Merge branch 'gtp-fixes'

Pablo Neira Ayuso says:

====================
GTP tunneling fixes for net

The following patchset contains two GTP tunneling fixes for your net
tree, they are:

1) Offset to IPv4 header in gtp_check_src_ms_ipv4() is incorrect, thus
   this function always succeeds and therefore this defeats this sanity
   check. This allows packets that have no PDP to go though, patch from
   Lionel Gauthier.

2) According to Note 0 of Figure 2 in Section 6 of 3GPP TS 29.060 v13.5.0
   Release 13, always set GTPv1 reserved bit to zero. This may cause
   interoperability problems, patch from Harald Welte.

Please, apply, thanks a lot!
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
David S. Miller 2016-12-17 12:00:26 -05:00
commit 40e972ab65
1 changed files with 4 additions and 4 deletions

View File

@ -158,9 +158,9 @@ static bool gtp_check_src_ms_ipv4(struct sk_buff *skb, struct pdp_ctx *pctx,
if (!pskb_may_pull(skb, hdrlen + sizeof(struct iphdr))) if (!pskb_may_pull(skb, hdrlen + sizeof(struct iphdr)))
return false; return false;
iph = (struct iphdr *)(skb->data + hdrlen + sizeof(struct iphdr)); iph = (struct iphdr *)(skb->data + hdrlen);
return iph->saddr != pctx->ms_addr_ip4.s_addr; return iph->saddr == pctx->ms_addr_ip4.s_addr;
} }
/* Check if the inner IP source address in this packet is assigned to any /* Check if the inner IP source address in this packet is assigned to any
@ -423,11 +423,11 @@ static inline void gtp1_push_header(struct sk_buff *skb, struct pdp_ctx *pctx)
/* Bits 8 7 6 5 4 3 2 1 /* Bits 8 7 6 5 4 3 2 1
* +--+--+--+--+--+--+--+--+ * +--+--+--+--+--+--+--+--+
* |version |PT| 1| E| S|PN| * |version |PT| 0| E| S|PN|
* +--+--+--+--+--+--+--+--+ * +--+--+--+--+--+--+--+--+
* 0 0 1 1 1 0 0 0 * 0 0 1 1 1 0 0 0
*/ */
gtp1->flags = 0x38; /* v1, GTP-non-prime. */ gtp1->flags = 0x30; /* v1, GTP-non-prime. */
gtp1->type = GTP_TPDU; gtp1->type = GTP_TPDU;
gtp1->length = htons(payload_len); gtp1->length = htons(payload_len);
gtp1->tid = htonl(pctx->u.v1.o_tei); gtp1->tid = htonl(pctx->u.v1.o_tei);