From: Julian Anastasov <ja@ssi.bg>
To: David Miller <davem@davemloft.net>
Cc: netdev@vger.kernel.org, netfilter-devel@vger.kernel.org,
lvs-devel@vger.kernel.org,
Hideaki YOSHIFUJI <yoshfuji@linux-ipv6.org>
Subject: [PATCH net 1/3] ipv6: always prefer rt6i_gateway if present
Date: Sun, 20 Oct 2013 15:43:03 +0300 [thread overview]
Message-ID: <1382272985-1528-2-git-send-email-ja@ssi.bg> (raw)
In-Reply-To: <1382272985-1528-1-git-send-email-ja@ssi.bg>
In v3.9 6fd6ce2056de2709 ("ipv6: Do not depend on rt->n in
ip6_finish_output2()." changed the behaviour of ip6_finish_output2()
such that the recently introduced rt6_nexthop() is used
instead of an assigned neighbor.
As rt6_nexthop() prefers rt6i_gateway only for gatewayed
routes this causes a problem for users like IPVS, xt_TEE and
RAW(hdrincl) if they want to use different address for routing
compared to the destination address.
Another case is when redirect can create RTF_DYNAMIC
route without RTF_GATEWAY flag, we ignore the rt6i_gateway
in rt6_nexthop().
Fix the above problems by considering the rt6i_gateway if
present, so that traffic routed to address on local subnet is
not wrongly diverted to the destination address.
Thanks to Simon Horman and Phil Oester for spotting the
problematic commit.
Thanks to Hannes Frederic Sowa for his review and help in testing.
Reported-by: Phil Oester <kernel@linuxace.com>
Reported-by: Mark Brooks <mark@loadbalancer.org>
Signed-off-by: Julian Anastasov <ja@ssi.bg>
---
include/net/ip6_route.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/include/net/ip6_route.h b/include/net/ip6_route.h
index f525e70..481404a 100644
--- a/include/net/ip6_route.h
+++ b/include/net/ip6_route.h
@@ -196,7 +196,7 @@ static inline int ip6_skb_dst_mtu(struct sk_buff *skb)
static inline struct in6_addr *rt6_nexthop(struct rt6_info *rt, struct in6_addr *dest)
{
- if (rt->rt6i_flags & RTF_GATEWAY)
+ if (rt->rt6i_flags & RTF_GATEWAY || !ipv6_addr_any(&rt->rt6i_gateway))
return &rt->rt6i_gateway;
return dest;
}
--
1.8.3.1
next prev parent reply other threads:[~2013-10-20 12:44 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-10-20 12:43 [PATCH net 0/3] ipv6: use rt6i_gateway as nexthop Julian Anastasov
2013-10-20 12:43 ` Julian Anastasov [this message]
2013-10-21 5:00 ` [PATCH net 1/3] ipv6: always prefer rt6i_gateway if present Hannes Frederic Sowa
2013-10-20 12:43 ` [PATCH net 2/3] ipv6: fill rt6i_gateway with nexthop address Julian Anastasov
2013-10-20 18:33 ` Hannes Frederic Sowa
2013-10-21 5:01 ` Hannes Frederic Sowa
2013-10-21 7:31 ` Julian Anastasov
2013-10-21 22:42 ` David Miller
2013-10-20 12:43 ` [PATCH net 3/3] netfilter: nf_conntrack: fix rt6i_gateway checks for H.323 helper Julian Anastasov
2013-10-21 5:04 ` Hannes Frederic Sowa
2013-10-21 9:35 ` [PATCH net 0/3] ipv6: use rt6i_gateway as nexthop Hannes Frederic Sowa
2013-10-21 20:02 ` Julian Anastasov
2013-10-21 22:40 ` David Miller
2013-10-28 1:28 ` Simon Horman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1382272985-1528-2-git-send-email-ja@ssi.bg \
--to=ja@ssi.bg \
--cc=davem@davemloft.net \
--cc=lvs-devel@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
--cc=yoshfuji@linux-ipv6.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).