Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

bpf: dsr: fix parsing of IPv6 AUTH extension header #24792

Merged
merged 1 commit into from
Apr 10, 2023
Merged

bpf: dsr: fix parsing of IPv6 AUTH extension header #24792

merged 1 commit into from
Apr 10, 2023

Conversation

julianwiedmann
Copy link
Member

When walking an IPv6 packet's extension headers to find a DSR extension, only advance the nh variable after calculating the current extension header's length. For AUTH headers we otherwise fail to determine the correct header length.

We recently fixed the same issue in the generic IPv6 code with commit e76d074 ("bpf: fix ipv6 extension header parsing error"), but missed that the nodeport code has its own IPv6 extension header parsing logic.

Fixes: 5fbf127 ("datapath: Support multiple IPv6 extensions with DSR")

@julianwiedmann
bpf: dsr: fix parsing of IPv6 AUTH extension header
5ff5b65 
When walking an IPv6 packet's extension headers to find a DSR extension,
only advance the `nh` variable _after_ calculating the current extension
header's length. For AUTH headers we otherwise fail to determine the
correct header length.

We recently fixed the same issue in the generic IPv6 code with
commit e76d074 ("bpf: fix ipv6 extension header parsing error"), but
missed that the nodeport code has its own IPv6 extension header parsing
logic.

Fixes: 5fbf127 ("datapath: Support multiple IPv6 extensions with DSR")
Signed-off-by: Julian Wiedmann <jwi@isovalent.com>
@julianwiedmann julianwiedmann added sig/datapath Impacts bpf/ or low-level forwarding details, including map management and monitor messages. release-note/bug This PR fixes an issue in a previous release of Cilium. feature/ipv6 Relates to IPv6 protocol support needs-backport/1.13 This PR / issue needs backporting to the v1.13 branch labels Apr 9, 2023
@julianwiedmann julianwiedmann requested a review from a team as a code owner April 9, 2023 18:00
@maintainer-s-little-helper maintainer-s-little-helper bot added this to Needs backport from master in 1.13.2 Apr 9, 2023
@julianwiedmann
Copy link
Member Author

/test

@julianwiedmann
Copy link
Member Author

ci-eks hit #24774

@julianwiedmann julianwiedmann added kind/bug This is a bug in the Cilium logic. ready-to-merge This PR has passed all tests and received consensus from code owners to merge. labels Apr 10, 2023
@dylandreimerink dylandreimerink merged commit 157f5c7 into cilium:master Apr 10, 2023
43 checks passed
@julianwiedmann julianwiedmann deleted the 1.14-dsr-ipv6-auth branch April 10, 2023 12:31
@pchaigno pchaigno mentioned this pull request Apr 11, 2023
Merged
8 tasks
@pchaigno pchaigno added backport-pending/1.13 The backport for Cilium 1.13.x for this PR is in progress. and removed needs-backport/1.13 This PR / issue needs backporting to the v1.13 branch labels Apr 11, 2023
@maintainer-s-little-helper maintainer-s-little-helper bot moved this from Needs backport from master to Backport pending to v1.13 in 1.13.2 Apr 11, 2023
@gandro gandro added backport-done/1.13 The backport for Cilium 1.13.x for this PR is done. and removed backport-pending/1.13 The backport for Cilium 1.13.x for this PR is in progress. labels Apr 12, 2023
@maintainer-s-little-helper maintainer-s-little-helper bot moved this from Backport pending to v1.13 to Backport done to v1.13 in 1.13.2 Apr 12, 2023
@maintainer-s-little-helper maintainer-s-little-helper bot moved this from Backport pending to v1.13 to Backport done to v1.13 in 1.13.2 Apr 12, 2023
@gentoo-root gentoo-root mentioned this pull request Apr 14, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@pchaigno pchaigno pchaigno approved these changes

@YutaroHayakawa YutaroHayakawa Awaiting requested review from YutaroHayakawa YutaroHayakawa was automatically assigned from cilium/sig-datapath

Assignees
No one assigned
Labels
backport-done/1.13 The backport for Cilium 1.13.x for this PR is done. feature/ipv6 Relates to IPv6 protocol support kind/bug This is a bug in the Cilium logic. ready-to-merge This PR has passed all tests and received consensus from code owners to merge. release-note/bug This PR fixes an issue in a previous release of Cilium. sig/datapath Impacts bpf/ or low-level forwarding details, including map management and monitor messages.
Projects
No open projects
1.13.2
Backport done to v1.13
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@julianwiedmann @pchaigno @gandro @dylandreimerink