From 498e12855516a9009fcfff3d1a2d475ead1822ca Mon Sep 17 00:00:00 2001
From: Jesse Gross <jesse@nicira.com>
Date: Fri, 1 Feb 2013 15:34:10 -0800
Subject: [PATCH] tunneling: Don't send ICMP messages if no tunnel port is
 found.

Some tunnel code in OVS (for example, CAPWAP) uses the skb->cb to
store information while processing packets.  However, if we don't
find an appropriate tunnel port on receive, then we send an ICMP
port unreachable message, which calls back into the IP stack.  The
stack assumes that skb->cb will still contain valid information
about from the IP layer, including any IP options.  As a result,
icmp_echo_options() can read the garbage values from OVS and
overwrite data on the stack, panicing the machine.

This simply stops sending ICMP messages when ports are not found.
Many people find them confusing and flow based tunneling will
never send them (since it always finds a port) so it solves both
problems at once.

Bug #14880

Reported-by: Deepesh Govindan <dgovindan@nicira.com>
Signed-off-by: Jesse Gross <jesse@nicira.com>
Acked-by: Kyle Mestery <kmestery@cisco.com>
---
 datapath/vport-capwap.c | 4 +---
 datapath/vport-gre.c    | 4 +---
 datapath/vport-vxlan.c  | 4 +---
 3 files changed, 3 insertions(+), 9 deletions(-)

diff --git a/datapath/vport-capwap.c b/datapath/vport-capwap.c
index 56e6394a0..123068231 100644
--- a/datapath/vport-capwap.c
+++ b/datapath/vport-capwap.c
@@ -331,10 +331,8 @@ static int capwap_rcv(struct sock *sk, struct sk_buff *skb)
 	iph = ip_hdr(skb);
 	vport = ovs_tnl_find_port(sock_net(sk), iph->daddr, iph->saddr, key,
 				  TNL_T_PROTO_CAPWAP, &mutable);
-	if (unlikely(!vport)) {
-		icmp_send(skb, ICMP_DEST_UNREACH, ICMP_PORT_UNREACH, 0);
+	if (unlikely(!vport))
 		goto error;
-	}
 
 	if (key_present && mutable->key.daddr &&
 			 !(mutable->flags & TNL_F_IN_KEY_MATCH)) {
diff --git a/datapath/vport-gre.c b/datapath/vport-gre.c
index 14c5ba340..680e7b34a 100644
--- a/datapath/vport-gre.c
+++ b/datapath/vport-gre.c
@@ -274,10 +274,8 @@ static int gre_rcv(struct sk_buff *skb)
 	iph = ip_hdr(skb);
 	vport = ovs_tnl_find_port(dev_net(skb->dev), iph->daddr, iph->saddr, key,
 				  tunnel_type, &mutable);
-	if (unlikely(!vport)) {
-		icmp_send(skb, ICMP_DEST_UNREACH, ICMP_PORT_UNREACH, 0);
+	if (unlikely(!vport))
 		goto error;
-	}
 
 	tnl_flags = gre_flags_to_tunnel_flags(mutable, gre_flags, &key);
 	tnl_tun_key_init(&tun_key, iph, key, tnl_flags);
diff --git a/datapath/vport-vxlan.c b/datapath/vport-vxlan.c
index 4f9f33941..413452ed1 100644
--- a/datapath/vport-vxlan.c
+++ b/datapath/vport-vxlan.c
@@ -166,10 +166,8 @@ static int vxlan_rcv(struct sock *sk, struct sk_buff *skb)
 	iph = ip_hdr(skb);
 	vport = ovs_tnl_find_port(dev_net(skb->dev), iph->daddr, iph->saddr,
 		key, TNL_T_PROTO_VXLAN, &mutable);
-	if (unlikely(!vport)) {
-		icmp_send(skb, ICMP_DEST_UNREACH, ICMP_PORT_UNREACH, 0);
+	if (unlikely(!vport))
 		goto error;
-	}
 
 	if (mutable->flags & TNL_F_IN_KEY_MATCH || !mutable->key.daddr)
 		tunnel_flags = OVS_TNL_F_KEY;
-- 
2.47.0