Commit 48ed7b26 authored by Florian Westphal, committed by David S. Miller

ipv6: reject locally assigned nexthop addresses

ip -6 addr add dead::1/128 dev eth0
sleep 5
ip -6 route add default via dead::1/128
-> fails
ip -6 addr add dead::1/128 dev eth0
ip -6 route add default via dead::1/128
-> succeeds

reason is that if (nonsensical) route above is added,
dead::1 is still subject to DAD, so the route lookup will
pick eth0 as outdev due to the prefix route that is added before
DAD work is started.

Add explicit test that checks if nexthop gateway is a local address.

Link: https://bugzilla.redhat.com/show_bug.cgi?id=1167969
Signed-off-by: Florian Westphal <fw@strlen.de>
Acked-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
parent b66ba8d5
...@@ -1624,6 +1624,16 @@ int ip6_route_add(struct fib6_config *cfg) ...@@ -1624,6 +1624,16 @@ int ip6_route_add(struct fib6_config *cfg)
int gwa_type; int gwa_type;
gw_addr = &cfg->fc_gateway; gw_addr = &cfg->fc_gateway;
/* if gw_addr is local we will fail to detect this in case
* address is still TENTATIVE (DAD in progress). rt6_lookup()
* will return already-added prefix route via interface that
* prefix route was assigned to, which might be non-loopback.
*/
err = -EINVAL;
if (ipv6_chk_addr_and_flags(net, gw_addr, NULL, 0, 0))
goto out;
rt->rt6i_gateway = *gw_addr; rt->rt6i_gateway = *gw_addr;
gwa_type = ipv6_addr_type(gw_addr); gwa_type = ipv6_addr_type(gw_addr);
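Review bot: the new ipv6_chk_addr_and_flags() call passes NULL as the device and runs before gwa_type is computed, so the gateway is matched against local addresses on every interface regardless of address scope. Link-local addresses are only unique per link, so a link-local gateway that happens to equal an address configured on a different interface would now be rejected with -EINVAL. Consider moving the check below `gwa_type = ipv6_addr_type(gw_addr);` and restricting the lookup to the route's output device when the gateway is link-local. The comment could also state that the final 0 argument (no banned flags) is what lets a TENTATIVE address match, since that is the case the check exists for.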
...@@ -1637,7 +1647,6 @@ int ip6_route_add(struct fib6_config *cfg) ...@@ -1637,7 +1647,6 @@ int ip6_route_add(struct fib6_config *cfg)
(SIT, PtP, NBMA NOARP links) it is handy to allow (SIT, PtP, NBMA NOARP links) it is handy to allow
some exceptions. --ANK some exceptions. --ANK
*/ */
err = -EINVAL;
if (!(gwa_type & IPV6_ADDR_UNICAST)) if (!(gwa_type & IPV6_ADDR_UNICAST))
goto out; goto out;
......
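Review bot: with `err = -EINVAL;` removed here, the `goto out` under `if (!(gwa_type & IPV6_ADDR_UNICAST))` depends on the assignment made before the new local-address check in the previous hunk. That holds only while nothing between the two checks reassigns err; keeping the assignment next to this check, or setting err explicitly at each `goto out`, would keep the error path correct if code is later inserted between them.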