Commit 84922d8c authored by David S. Miller's avatar David S. Miller

Merge branch 'ipv6-sticky-pktinfo'

Paolo Abeni says:

====================
ipv6: fix sticky pktinfo behaviour

Currently:

ip addr add dev eth0 2001:0010::1/64
ip addr add dev eth1 2001:0020::1/64
ping6 -I eth0 2001:0020::2

do not lead to the expected results, i.e. eth1 is used as the
egress interface.

This is due to two related issues in handling sticky pktinfo,
used by ping6 to enforce the device binding:

- ip6_dst_lookup_flow()/ip6_dst_lookup_tail() do not really enforce
flowi6_oif match
- ipv6 udp connect() just ignore flowi6_oif

These patches address each issue individually.

The kernel has never enforced the egress interface specified
via the sticky pktinfo, except briefly between the commits
741a11d9 ("net: ipv6: Add RT6_LOOKUP_F_IFACE flag if oif is set")
and
d46a9d67 ("net: ipv6: Dont add RT6_LOOKUP_F_IFACE flag if saddr set"),
but the ping6 tools was unaffected up to iputils-20100214,
since before it used SO_BINDTODEVICE to enforce the egress
interface.
====================
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parents 39a4867a 1cdda918
...@@ -64,8 +64,16 @@ static inline bool rt6_need_strict(const struct in6_addr *daddr) ...@@ -64,8 +64,16 @@ static inline bool rt6_need_strict(const struct in6_addr *daddr)
void ip6_route_input(struct sk_buff *skb); void ip6_route_input(struct sk_buff *skb);
struct dst_entry *ip6_route_output(struct net *net, const struct sock *sk, struct dst_entry *ip6_route_output_flags(struct net *net, const struct sock *sk,
struct flowi6 *fl6); struct flowi6 *fl6, int flags);
static inline struct dst_entry *ip6_route_output(struct net *net,
const struct sock *sk,
struct flowi6 *fl6)
{
return ip6_route_output_flags(net, sk, fl6, 0);
}
struct dst_entry *ip6_route_lookup(struct net *net, struct flowi6 *fl6, struct dst_entry *ip6_route_lookup(struct net *net, struct flowi6 *fl6,
int flags); int flags);
......
...@@ -162,6 +162,9 @@ static int __ip6_datagram_connect(struct sock *sk, struct sockaddr *uaddr, int a ...@@ -162,6 +162,9 @@ static int __ip6_datagram_connect(struct sock *sk, struct sockaddr *uaddr, int a
fl6.fl6_dport = inet->inet_dport; fl6.fl6_dport = inet->inet_dport;
fl6.fl6_sport = inet->inet_sport; fl6.fl6_sport = inet->inet_sport;
if (!fl6.flowi6_oif)
fl6.flowi6_oif = np->sticky_pktinfo.ipi6_ifindex;
if (!fl6.flowi6_oif && (addr_type&IPV6_ADDR_MULTICAST)) if (!fl6.flowi6_oif && (addr_type&IPV6_ADDR_MULTICAST))
fl6.flowi6_oif = np->mcast_oif; fl6.flowi6_oif = np->mcast_oif;
......
...@@ -909,6 +909,7 @@ static int ip6_dst_lookup_tail(struct net *net, const struct sock *sk, ...@@ -909,6 +909,7 @@ static int ip6_dst_lookup_tail(struct net *net, const struct sock *sk,
struct rt6_info *rt; struct rt6_info *rt;
#endif #endif
int err; int err;
int flags = 0;
/* The correct way to handle this would be to do /* The correct way to handle this would be to do
* ip6_route_get_saddr, and then ip6_route_output; however, * ip6_route_get_saddr, and then ip6_route_output; however,
...@@ -940,10 +941,13 @@ static int ip6_dst_lookup_tail(struct net *net, const struct sock *sk, ...@@ -940,10 +941,13 @@ static int ip6_dst_lookup_tail(struct net *net, const struct sock *sk,
dst_release(*dst); dst_release(*dst);
*dst = NULL; *dst = NULL;
} }
if (fl6->flowi6_oif)
flags |= RT6_LOOKUP_F_IFACE;
} }
if (!*dst) if (!*dst)
*dst = ip6_route_output(net, sk, fl6); *dst = ip6_route_output_flags(net, sk, fl6, flags);
err = (*dst)->error; err = (*dst)->error;
if (err) if (err)
......
...@@ -1183,11 +1183,10 @@ static struct rt6_info *ip6_pol_route_output(struct net *net, struct fib6_table ...@@ -1183,11 +1183,10 @@ static struct rt6_info *ip6_pol_route_output(struct net *net, struct fib6_table
return ip6_pol_route(net, table, fl6->flowi6_oif, fl6, flags); return ip6_pol_route(net, table, fl6->flowi6_oif, fl6, flags);
} }
struct dst_entry *ip6_route_output(struct net *net, const struct sock *sk, struct dst_entry *ip6_route_output_flags(struct net *net, const struct sock *sk,
struct flowi6 *fl6) struct flowi6 *fl6, int flags)
{ {
struct dst_entry *dst; struct dst_entry *dst;
int flags = 0;
bool any_src; bool any_src;
dst = l3mdev_rt6_dst_by_oif(net, fl6); dst = l3mdev_rt6_dst_by_oif(net, fl6);
...@@ -1208,7 +1207,7 @@ struct dst_entry *ip6_route_output(struct net *net, const struct sock *sk, ...@@ -1208,7 +1207,7 @@ struct dst_entry *ip6_route_output(struct net *net, const struct sock *sk,
return fib6_rule_lookup(net, fl6, flags, ip6_pol_route_output); return fib6_rule_lookup(net, fl6, flags, ip6_pol_route_output);
} }
EXPORT_SYMBOL(ip6_route_output); EXPORT_SYMBOL_GPL(ip6_route_output_flags);
struct dst_entry *ip6_blackhole_route(struct net *net, struct dst_entry *dst_orig) struct dst_entry *ip6_blackhole_route(struct net *net, struct dst_entry *dst_orig)
{ {
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment