| Message ID | 1521031768-19131-3-git-send-email-Michal.Kalderon@cavium.com (mailing list archive) |
|---|---|
| State | Not Applicable |
| Headers | show |
On Wed, 2018-03-14 at 14:49 +0200, Michal Kalderon wrote: > FW workaround. The iWARP LL2 connection did not expect TCP packets > to arrive on it's connection. The fix drops any non-tcp packets [] > diff --git a/drivers/net/ethernet/qlogic/qed/qed_iwarp.c b/drivers/net/ethernet/qlogic/qed/qed_iwarp.c [] > @@ -1703,6 +1703,13 @@ qed_iwarp_parse_rx_pkt(struct qed_hwfn *p_hwfn, > iph = (struct iphdr *)((u8 *)(ethh) + eth_hlen); > > if (eth_type == ETH_P_IP) { > + if (iph->protocol != IPPROTO_TCP) { > + DP_NOTICE(p_hwfn, > + "Unexpected ip protocol on ll2 %x\n", > + iph->protocol); > + return -EINVAL; > + } Perhaps this should be ratelimited. > + > cm_info->local_ip[0] = ntohl(iph->daddr); > cm_info->remote_ip[0] = ntohl(iph->saddr); > cm_info->ip_version = TCP_IPV4; > @@ -1711,6 +1718,14 @@ qed_iwarp_parse_rx_pkt(struct qed_hwfn *p_hwfn, > *payload_len = ntohs(iph->tot_len) - ip_hlen; > } else if (eth_type == ETH_P_IPV6) { > ip6h = (struct ipv6hdr *)iph; > + > + if (ip6h->nexthdr != IPPROTO_TCP) { > + DP_NOTICE(p_hwfn, > + "Unexpected ip protocol on ll2 %x\n", > + iph->protocol); > + return -EINVAL; here too > + } > + > for (i = 0; i < 4; i++) { > cm_info->local_ip[i] = > ntohl(ip6h->daddr.in6_u.u6_addr32[i]); -- To unsubscribe from this list: send the line "unsubscribe linux-rdma" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
> From: Joe Perches [mailto:joe@perches.com] > Sent: Wednesday, March 14, 2018 3:03 PM > To: Kalderon, Michal <Michal.Kalderon@cavium.com>; > davem@davemloft.net > Cc: netdev@vger.kernel.org; dledford@redhat.com; jgg@mellanox.com; > linux-rdma@vger.kernel.org; Elior, Ariel <Ariel.Elior@cavium.com> > Subject: Re: [PATCH net 2/2] qed: Fix non TCP packets should be dropped on > iWARP ll2 connection > > [This sender failed our fraud detection checks and may not be who they > appear to be. Learn about spoofing at http://aka.ms/LearnAboutSpoofing] > > On Wed, 2018-03-14 at 14:49 +0200, Michal Kalderon wrote: > > FW workaround. The iWARP LL2 connection did not expect TCP packets to > > arrive on it's connection. The fix drops any non-tcp packets > [] > > diff --git a/drivers/net/ethernet/qlogic/qed/qed_iwarp.c > > b/drivers/net/ethernet/qlogic/qed/qed_iwarp.c > [] > > @@ -1703,6 +1703,13 @@ qed_iwarp_parse_rx_pkt(struct qed_hwfn > *p_hwfn, > > iph = (struct iphdr *)((u8 *)(ethh) + eth_hlen); > > > > if (eth_type == ETH_P_IP) { > > + if (iph->protocol != IPPROTO_TCP) { > > + DP_NOTICE(p_hwfn, > > + "Unexpected ip protocol on ll2 %x\n", > > + iph->protocol); > > + return -EINVAL; > > + } > > Perhaps this should be ratelimited. The rate of the packets that could arrive here is very low. It has to do with a corner case Of RoCEv2 packets being sent to a device that was enabled with iWARP. > > > + > > cm_info->local_ip[0] = ntohl(iph->daddr); > > cm_info->remote_ip[0] = ntohl(iph->saddr); > > cm_info->ip_version = TCP_IPV4; @@ -1711,6 +1718,14 @@ > > qed_iwarp_parse_rx_pkt(struct qed_hwfn *p_hwfn, > > *payload_len = ntohs(iph->tot_len) - ip_hlen; > > } else if (eth_type == ETH_P_IPV6) { > > ip6h = (struct ipv6hdr *)iph; > > + > > + if (ip6h->nexthdr != IPPROTO_TCP) { > > + DP_NOTICE(p_hwfn, > > + "Unexpected ip protocol on ll2 %x\n", > > + iph->protocol); > > + return -EINVAL; > > here too > > > + } > > + > > for (i = 0; i < 4; i++) { > > cm_info->local_ip[i] = > > ntohl(ip6h->daddr.in6_u.u6_addr32[i]); -- To unsubscribe from this list: send the line "unsubscribe linux-rdma" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/drivers/net/ethernet/qlogic/qed/qed_iwarp.c b/drivers/net/ethernet/qlogic/qed/qed_iwarp.c index fefe527..d5d02be 100644 --- a/drivers/net/ethernet/qlogic/qed/qed_iwarp.c +++ b/drivers/net/ethernet/qlogic/qed/qed_iwarp.c @@ -1703,6 +1703,13 @@ qed_iwarp_parse_rx_pkt(struct qed_hwfn *p_hwfn, iph = (struct iphdr *)((u8 *)(ethh) + eth_hlen); if (eth_type == ETH_P_IP) { + if (iph->protocol != IPPROTO_TCP) { + DP_NOTICE(p_hwfn, + "Unexpected ip protocol on ll2 %x\n", + iph->protocol); + return -EINVAL; + } + cm_info->local_ip[0] = ntohl(iph->daddr); cm_info->remote_ip[0] = ntohl(iph->saddr); cm_info->ip_version = TCP_IPV4; @@ -1711,6 +1718,14 @@ qed_iwarp_parse_rx_pkt(struct qed_hwfn *p_hwfn, *payload_len = ntohs(iph->tot_len) - ip_hlen; } else if (eth_type == ETH_P_IPV6) { ip6h = (struct ipv6hdr *)iph; + + if (ip6h->nexthdr != IPPROTO_TCP) { + DP_NOTICE(p_hwfn, + "Unexpected ip protocol on ll2 %x\n", + iph->protocol); + return -EINVAL; + } + for (i = 0; i < 4; i++) { cm_info->local_ip[i] = ntohl(ip6h->daddr.in6_u.u6_addr32[i]);
FW workaround. The iWARP LL2 connection did not expect TCP packets to arrive on it's connection. The fix drops any non-tcp packets Fixes b5c29ca ("qed: iWARP CM - setup a ll2 connection for handling SYN packets") Signed-off-by: Michal Kalderon <Michal.Kalderon@cavium.com> Signed-off-by: Ariel Elior <Ariel.Elior@cavium.com> --- drivers/net/ethernet/qlogic/qed/qed_iwarp.c | 15 +++++++++++++++ 1 file changed, 15 insertions(+)