> Okay, I'm working on a patch that adds explicit checks Sent: http://patchwork.ozlabs.org/patch/863237/
> > @@ -45,6 +45,9 @@ static struct sk_buff *sctp_gso_segment(struct sk_buff > *skb, > struct sk_buff *segs = ERR_PTR(-EINVAL); > struct sctphdr *sh; > > + if (!skb_shinfo(skb)->gso_type & SKB_GSO_SCTP) > + goto out; > + > > to all transport layer gso offloads: {sctp, tcpv[46], ufov[46], espv[46]}. > This > will block packets with gso_type X but protocol type Y from being parsed. > But does allow entering a tunnel protocol handler if that is different from Y, > unlike the above patch. > > tunnels segmentation itself is protected by skb->encapsulation. Only tunnel > devices in the stack can set this field, not virtio_net_hdr_to_skb. Packets > that > enter {gre, udp tunnel, ipxip4, ipxip6} without this bit are already dropped, > so > no new checks are needed to these based on gso_type. This is not yet sufficient. If a packet comes from userspace with tunnel headers and passes through a tunnel that sets skb->encapsulation, it is indistinguishable from a valid tunneled packet. That bit is not exclusive,
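Review bot: The added check in sctp_gso_segment() has an operator-precedence problem. In `if (!skb_shinfo(skb)->gso_type & SKB_GSO_SCTP)` the `!` binds tighter than `&`, so the condition evaluates as `(!gso_type) & SKB_GSO_SCTP`: the logical negation (0 or 1) is masked with the flag, instead of testing whether the flag is set in gso_type. As written, a packet with any non-zero gso_type that lacks SKB_GSO_SCTP yields 0 and is not sent to `out`, which is the case the check is meant to block. Parenthesize the mask: `if (!(skb_shinfo(skb)->gso_type & SKB_GSO_SCTP))`. If the equivalent checks in the other transport-layer handlers mentioned in the text are written in the same form, they need the same fix.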