From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-9.1 required=3.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,INCLUDES_PATCH,MAILING_LIST_MULTI,SIGNED_OFF_BY, SPF_HELO_NONE,SPF_PASS,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id A881CC282CE for ; Wed, 22 May 2019 22:12:59 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 48D8E20881 for ; Wed, 22 May 2019 22:12:59 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1558563179; bh=71Pyo2o7di0ISO4h7d1mSIIc9hWspC7A1hQ0hIjz7+I=; h=From:To:Cc:Subject:Date:List-ID:From; b=Wqb0jsAA0HML3BHPl7OMPa/U7wtyeFbj2JsgjGn+MVP7OacJ7d1kvymkxSsRd3r22 ojNEY6rfDHPjXO/4HxF6FlCH26nU2FKdOQhkElCy+BU/6Sy7mFoV5i0uYp3T51SeQo xGuX/FclJQAc5RdyihYkU/H0pLSuGbDYfm+99zXk= Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727179AbfEVWMW (ORCPT ); Wed, 22 May 2019 18:12:22 -0400 Received: from mail.kernel.org ([198.145.29.99]:42558 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726070AbfEVWMW (ORCPT ); Wed, 22 May 2019 18:12:22 -0400 Received: from kenny.it.cumulusnetworks.com. (fw.cumulusnetworks.com [216.129.126.126]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id A0AF320881; Wed, 22 May 2019 22:12:21 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1558563141; bh=71Pyo2o7di0ISO4h7d1mSIIc9hWspC7A1hQ0hIjz7+I=; h=From:To:Cc:Subject:Date:From; b=TCIQBzX+XH1+S/pu1mPPxB1XciS5doi10qlxY6bj5M0Bbo7tZP7WlLfShUx1voKdZ fyMI6NOHGoVWG9XpxF0s6RxvmBFFUjOgNCpUn1BE1FQpICM2h8deSTsGCijnO8Pdy6 5JQk1s0N7Aoc67MmfjOcweWR2EOdK/HjBSeaYOOY= From: David Ahern To: davem@davemloft.net Cc: netdev@vger.kernel.org, David Ahern Subject: [PATCH net] ipv6: Fix redirect with VRF Date: Wed, 22 May 2019 15:12:18 -0700 Message-Id: <20190522221218.9839-1-dsahern@kernel.org> X-Mailer: git-send-email 2.11.0 Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org From: David Ahern IPv6 redirect is broken for VRF. __ip6_route_redirect walks the FIB entries looking for an exact match on ifindex. With VRF the flowi6_oif is updated by l3mdev_update_flow to the l3mdev index and the FLOWI_FLAG_SKIP_NH_OIF set in the flags to tell the lookup to skip the device match. For redirects the device match is requires so use that flag to know when the oif needs to be reset to the skb device index. Fixes: ca254490c8df ("net: Add VRF support to IPv6 stack") Signed-off-by: David Ahern --- net/ipv6/route.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/net/ipv6/route.c b/net/ipv6/route.c index 7a014ca877ed..848e944f07df 100644 --- a/net/ipv6/route.c +++ b/net/ipv6/route.c @@ -2512,6 +2512,12 @@ static struct rt6_info *__ip6_route_redirect(struct net *net, struct fib6_info *rt; struct fib6_node *fn; + /* l3mdev_update_flow overrides oif if the device is enslaved; in + * this case we must match on the real ingress device, so reset it + */ + if (fl6->flowi6_flags & FLOWI_FLAG_SKIP_NH_OIF) + fl6->flowi6_oif = skb->dev->ifindex; + /* Get the "current" route for this destination and * check if the redirect has come from appropriate router. * -- 2.11.0