From mboxrd@z Thu Jan  1 00:00:00 1970
From: David Miller <davem@davemloft.net>
Subject: Re: [PATCH net] net/tcp: Fix socket lookups with SO_BINDTODEVICE
Date: Wed, 20 Jun 2018 08:04:38 +0900 (KST)
Message-ID: <20180620.080438.1744443807544218914.davem@davemloft.net>
References: <20180618193037.3365-1-dsahern@kernel.org>
Mime-Version: 1.0
Content-Type: Text/Plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Cc: netdev@vger.kernel.org, lberger@labn.net,
        renato@opensourcerouting.org, dsahern@gmail.com
To: dsahern@kernel.org
Return-path: <netdev-owner@vger.kernel.org>
Received: from shards.monkeyblade.net ([23.128.96.9]:49720 "EHLO
        shards.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1750990AbeFSXEl (ORCPT
        <rfc822;netdev@vger.kernel.org>); Tue, 19 Jun 2018 19:04:41 -0400
In-Reply-To: <20180618193037.3365-1-dsahern@kernel.org>
Sender: netdev-owner@vger.kernel.org
List-ID: <netdev.vger.kernel.org>

From: dsahern@kernel.org
Date: Mon, 18 Jun 2018 12:30:37 -0700

> From: David Ahern <dsahern@gmail.com>
> 
> Similar to 69678bcd4d2d ("udp: fix SO_BINDTODEVICE"), TCP socket lookups
> need to fail if dev_match is not true. Currently, a packet to a given port
> can match a socket bound to device when it should not. In the VRF case,
> this causes the lookup to hit a VRF socket and not a global socket
> resulting in a response trying to go through the VRF when it should it.
                                                                      ^^^

"not", I fixed this up for you.

> Fixes: 3fa6f616a7a4d ("net: ipv4: add second dif to inet socket lookups")
> Fixes: 4297a0ef08572 ("net: ipv6: add second dif to inet6 socket lookups")
> Reported-by: Lou Berger <lberger@labn.net>
> Diagnosed-by: Renato Westphal <renato@opensourcerouting.org>
> Tested-by: Renato Westphal <renato@opensourcerouting.org>
> Signed-off-by: David Ahern <dsahern@gmail.com>

Applied and queued up for -stable, thanks.