From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Stephen Suryaputra <ssuryaextr@gmail.com>,
David Ahern <dsahern@gmail.com>,
"David S. Miller" <davem@davemloft.net>
Subject: [PATCH 4.16 32/48] vrf: check the original netdevice for generating redirect
Date: Sat, 9 Jun 2018 17:29:44 +0200 [thread overview]
Message-ID: <20180609145949.894480951@linuxfoundation.org> (raw)
In-Reply-To: <20180609145947.679103414@linuxfoundation.org>
4.16-stable review patch. If anyone has any objections, please let me know.
------------------
From: Stephen Suryaputra <ssuryaextr@gmail.com>
[ Upstream commit 2f17becfbea5e9a0529b51da7345783e96e69516 ]
Use the right device to determine if redirect should be sent especially
when using vrf. Same as well as when sending the redirect.
Signed-off-by: Stephen Suryaputra <ssuryaextr@gmail.com>
Acked-by: David Ahern <dsahern@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/ipv6/ip6_output.c | 3 ++-
net/ipv6/ndisc.c | 6 ++++++
2 files changed, 8 insertions(+), 1 deletion(-)
--- a/net/ipv6/ip6_output.c
+++ b/net/ipv6/ip6_output.c
@@ -507,7 +507,8 @@ int ip6_forward(struct sk_buff *skb)
send redirects to source routed frames.
We don't send redirects to frames decapsulated from IPsec.
*/
- if (skb->dev == dst->dev && opt->srcrt == 0 && !skb_sec_path(skb)) {
+ if (IP6CB(skb)->iif == dst->dev->ifindex &&
+ opt->srcrt == 0 && !skb_sec_path(skb)) {
struct in6_addr *target = NULL;
struct inet_peer *peer;
struct rt6_info *rt;
--- a/net/ipv6/ndisc.c
+++ b/net/ipv6/ndisc.c
@@ -1576,6 +1576,12 @@ void ndisc_send_redirect(struct sk_buff
ops_data_buf[NDISC_OPS_REDIRECT_DATA_SPACE], *ops_data = NULL;
bool ret;
+ if (netif_is_l3_master(skb->dev)) {
+ dev = __dev_get_by_index(dev_net(skb->dev), IPCB(skb)->iif);
+ if (!dev)
+ return;
+ }
+
if (ipv6_get_lladdr(dev, &saddr_buf, IFA_F_TENTATIVE)) {
ND_PRINTK(2, warn, "Redirect: no link-local address on %s\n",
dev->name);
next prev parent reply other threads:[~2018-06-09 15:48 UTC|newest]
Thread overview: 52+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-06-09 15:29 [PATCH 4.16 00/48] 4.16.15-stable review Greg Kroah-Hartman
2018-06-09 15:29 ` [PATCH 4.16 01/48] mmap: introduce sane default mmap limits Greg Kroah-Hartman
[not found] ` <CAMwc25rh7ZSO3mEFyTwbyh1qNy3k-5AHyRrRFq-Zih4kDDGsig@mail.gmail.com>
2018-06-11 5:26 ` Greg Kroah-Hartman
2018-06-09 15:29 ` [PATCH 4.16 02/48] mmap: relax file size limit for regular files Greg Kroah-Hartman
2018-06-09 15:29 ` [PATCH 4.16 03/48] netfilter: nf_flow_table: attach dst to skbs Greg Kroah-Hartman
2018-06-09 15:29 ` [PATCH 4.16 05/48] be2net: Fix error detection logic for BE3 Greg Kroah-Hartman
2018-06-09 15:29 ` [PATCH 4.16 06/48] bnx2x: use the right constant Greg Kroah-Hartman
2018-06-09 15:29 ` [PATCH 4.16 07/48] cls_flower: Fix incorrect idr release when failing to modify rule Greg Kroah-Hartman
2018-06-09 15:29 ` [PATCH 4.16 08/48] dccp: dont free ccid2_hc_tx_sock struct in dccp_disconnect() Greg Kroah-Hartman
2018-06-09 15:29 ` [PATCH 4.16 09/48] enic: set DMA mask to 47 bit Greg Kroah-Hartman
2018-06-09 15:29 ` [PATCH 4.16 10/48] ip6mr: only set ip6mr_table from setsockopt when ip6mr_new_table succeeds Greg Kroah-Hartman
2018-06-09 15:29 ` [PATCH 4.16 11/48] ip6_tunnel: remove magic mtu value 0xFFF8 Greg Kroah-Hartman
2018-06-09 15:29 ` [PATCH 4.16 12/48] ipmr: properly check rhltable_init() return value Greg Kroah-Hartman
2018-06-09 15:29 ` [PATCH 4.16 13/48] ipv4: remove warning in ip_recv_error Greg Kroah-Hartman
2018-06-09 15:29 ` [PATCH 4.16 14/48] ipv6: omit traffic class when calculating flow hash Greg Kroah-Hartman
2018-06-09 15:29 ` [PATCH 4.16 15/48] isdn: eicon: fix a missing-check bug Greg Kroah-Hartman
2018-06-09 15:29 ` [PATCH 4.16 16/48] kcm: Fix use-after-free caused by clonned sockets Greg Kroah-Hartman
2018-06-09 15:29 ` [PATCH 4.16 17/48] l2tp: fix refcount leakage on PPPoL2TP sockets Greg Kroah-Hartman
2018-06-09 15:29 ` [PATCH 4.16 18/48] mlxsw: spectrum: Forbid creation of VLAN 1 over port/LAG Greg Kroah-Hartman
2018-06-09 15:29 ` [PATCH 4.16 19/48] netdev-FAQ: clarify DaveMs position for stable backports Greg Kroah-Hartman
2018-06-09 15:29 ` [PATCH 4.16 20/48] net: ethernet: davinci_emac: fix error handling in probe() Greg Kroah-Hartman
2018-06-09 15:29 ` [PATCH 4.16 21/48] net: ipv4: add missing RTA_TABLE to rtm_ipv4_policy Greg Kroah-Hartman
2018-06-09 15:29 ` [PATCH 4.16 22/48] net: metrics: add proper netlink validation Greg Kroah-Hartman
2018-06-09 15:29 ` [PATCH 4.16 23/48] net/packet: refine check for priv area size Greg Kroah-Hartman
2018-06-09 15:29 ` [PATCH 4.16 24/48] net: phy: broadcom: Fix bcm_write_exp() Greg Kroah-Hartman
2018-06-09 15:29 ` [PATCH 4.16 26/48] packet: fix reserve calculation Greg Kroah-Hartman
2018-06-09 15:29 ` [PATCH 4.16 27/48] qed: Fix mask for physical address in ILT entry Greg Kroah-Hartman
2018-06-09 15:29 ` [PATCH 4.16 28/48] rtnetlink: validate attributes in do_setlink() Greg Kroah-Hartman
2018-06-09 15:29 ` [PATCH 4.16 29/48] sctp: not allow transport timeout value less than HZ/5 for hb_timer Greg Kroah-Hartman
2018-06-09 15:29 ` [PATCH 4.16 30/48] team: use netdev_features_t instead of u32 Greg Kroah-Hartman
2018-06-09 15:29 ` [PATCH 4.16 31/48] vhost: synchronize IOTLB message with dev cleanup Greg Kroah-Hartman
2018-06-09 15:29 ` Greg Kroah-Hartman [this message]
2018-06-09 15:29 ` [PATCH 4.16 33/48] ipv6: sr: fix memory OOB access in seg6_do_srh_encap/inline Greg Kroah-Hartman
2018-06-09 15:29 ` [PATCH 4.16 34/48] net: phy: broadcom: Fix auxiliary control register reads Greg Kroah-Hartman
2018-06-09 15:29 ` [PATCH 4.16 35/48] net-sysfs: Fix memory leak in XPS configuration Greg Kroah-Hartman
2018-06-09 15:29 ` [PATCH 4.16 36/48] virtio-net: correctly transmit XDP buff after linearizing Greg Kroah-Hartman
2018-06-09 15:29 ` [PATCH 4.16 37/48] virtio-net: fix leaking page for gso packet during mergeable XDP Greg Kroah-Hartman
2018-06-09 15:29 ` [PATCH 4.16 38/48] net/mlx4: Fix irq-unsafe spinlock usage Greg Kroah-Hartman
2018-06-09 15:29 ` [PATCH 4.16 39/48] net/mlx5e: When RXFCS is set, add FCS data into checksum calculation Greg Kroah-Hartman
2018-06-09 15:29 ` [PATCH 4.16 40/48] tun: Fix NULL pointer dereference in XDP redirect Greg Kroah-Hartman
2018-06-09 15:29 ` [PATCH 4.16 41/48] virtio-net: correctly check num_buf during err path Greg Kroah-Hartman
2018-06-09 15:29 ` [PATCH 4.16 43/48] net : sched: cls_api: deal with egdev path only if needed Greg Kroah-Hartman
2018-06-09 15:29 ` [PATCH 4.16 44/48] virtio-net: correctly redirect linearized packet Greg Kroah-Hartman
2018-06-09 15:29 ` [PATCH 4.16 45/48] ip_tunnel: restore binding to ifaces with a large mtu Greg Kroah-Hartman
2018-06-09 15:29 ` [PATCH 4.16 46/48] net: netsec: reduce DMA mask to 40 bits Greg Kroah-Hartman
2018-06-09 15:29 ` [PATCH 4.16 47/48] vhost_net: flush batched heads before trying to busy polling Greg Kroah-Hartman
2018-06-09 15:30 ` [PATCH 4.16 48/48] PCI: hv: Do not wait forever on a device that has disappeared Greg Kroah-Hartman
2018-06-10 9:07 ` [PATCH 4.16 00/48] 4.16.15-stable review Naresh Kamboju
2018-06-10 14:05 ` Greg Kroah-Hartman
2018-06-10 17:04 ` Naresh Kamboju
2018-06-10 15:24 ` Guenter Roeck
2018-06-11 19:35 ` Shuah Khan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180609145949.894480951@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=davem@davemloft.net \
--cc=dsahern@gmail.com \
--cc=linux-kernel@vger.kernel.org \
--cc=ssuryaextr@gmail.com \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox