From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 348C91A76A7; Tue, 30 Jul 2024 17:16:30 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1722359790; cv=none; b=rlgvjUbXEHvyAP1Iu0Yh7apDer9e+M6NLA18CpCtL++tTORP6SsUSQqAPSDHIBvq/NUa5fzoXz4SAynNr3su2Yb8rrYboOedcJl5wdPbHVe2zXtdI13mGjCZ9M+p10K+cXUu5NasoQIk7E/xu+W4DfNd7R4LxGZ7YmWPDdv3FEs= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1722359790; c=relaxed/simple; bh=zXA+Ekarzfms4edwPT9+oDFp4STHBLLzug/k7/kxYiw=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=p23GnXu9pBZ/jvEXfbcfftCVUojDigN2YWFMSLa7ZaU3Cei2wRfPyVzOX+ZH0dCj+3CXy+FJU5J0VTxTO6tvsDDWLBxRT8CsptmNjaEHdPsIzesnDUZ8IbixGRwmNoDp4k5wNRh87f8u83GKKsnS46MWSXCsnbSU43VfzYWrtwM= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linuxfoundation.org header.i=@linuxfoundation.org header.b=Sj0+LVks; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linuxfoundation.org header.i=@linuxfoundation.org header.b="Sj0+LVks" Received: by smtp.kernel.org (Postfix) with ESMTPSA id AB440C32782; Tue, 30 Jul 2024 17:16:29 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1722359790; bh=zXA+Ekarzfms4edwPT9+oDFp4STHBLLzug/k7/kxYiw=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=Sj0+LVksHtsd3h4EUgz4SYtH1BknB2L43iAhPZGg4b6drtYR08L4kjPqUAtv7Lx1F j5v1R/VX0mAPEOOmUK6SUPMTtVPOtZLUwi6/8jeMNtqgGBlErPZQQ6eLbR30rCExB1 7551KMVOaoMjG8yOZyu+UYYJHUuj7ZE8LhdHPTzA= From: Greg Kroah-Hartman To: stable@vger.kernel.org Cc: Greg Kroah-Hartman , patches@lists.linux.dev, Ido Schimmel , Guillaume Nault , Paolo Abeni , Sasha Levin Subject: [PATCH 6.6 536/568] ipv4: Fix incorrect source address in Record Route option Date: Tue, 30 Jul 2024 17:50:43 +0200 Message-ID: <20240730151701.103254766@linuxfoundation.org> X-Mailer: git-send-email 2.45.2 In-Reply-To: <20240730151639.792277039@linuxfoundation.org> References: <20240730151639.792277039@linuxfoundation.org> User-Agent: quilt/0.67 X-stable: review X-Patchwork-Hint: ignore Precedence: bulk X-Mailing-List: stable@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit 6.6-stable review patch. If anyone has any objections, please let me know. ------------------ From: Ido Schimmel [ Upstream commit cc73bbab4b1fb8a4f53a24645871dafa5f81266a ] The Record Route IP option records the addresses of the routers that routed the packet. In the case of forwarded packets, the kernel performs a route lookup via fib_lookup() and fills in the preferred source address of the matched route. The lookup is performed with the DS field of the forwarded packet, but using the RT_TOS() macro which only masks one of the two ECN bits. If the packet is ECT(0) or CE, the matched route might be different than the route via which the packet was forwarded as the input path masks both of the ECN bits, resulting in the wrong address being filled in the Record Route option. Fix by masking both of the ECN bits. Fixes: 8e36360ae876 ("ipv4: Remove route key identity dependencies in ip_rt_get_source().") Signed-off-by: Ido Schimmel Reviewed-by: Guillaume Nault Link: https://patch.msgid.link/20240718123407.434778-1-idosch@nvidia.com Signed-off-by: Paolo Abeni Signed-off-by: Sasha Levin --- net/ipv4/route.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/ipv4/route.c b/net/ipv4/route.c index 4d169573148f6..285482060082f 100644 --- a/net/ipv4/route.c +++ b/net/ipv4/route.c @@ -1275,7 +1275,7 @@ void ip_rt_get_source(u8 *addr, struct sk_buff *skb, struct rtable *rt) struct flowi4 fl4 = { .daddr = iph->daddr, .saddr = iph->saddr, - .flowi4_tos = RT_TOS(iph->tos), + .flowi4_tos = iph->tos & IPTOS_RT_MASK, .flowi4_oif = rt->dst.dev->ifindex, .flowi4_iif = skb->dev->ifindex, .flowi4_mark = skb->mark, -- 2.43.0