* [PATCH net] net/ipv4: Set oif in fib_compute_spec_dst
@ 2018-07-07 23:15 dsahern
2018-07-08 1:55 ` David Miller
0 siblings, 1 reply; 2+ messages in thread
From: dsahern @ 2018-07-07 23:15 UTC (permalink / raw)
To: netdev; +Cc: lucien.xin, David Ahern
From: David Ahern <dsahern@gmail•com>
Xin reported that icmp replies may not use the address on the device the
echo request is received if the destination address is broadcast. Instead
a route lookup is done without considering VRF context. Fix by setting
oif in flow struct to the master device if it is enslaved. That directs
the lookup to the VRF table. If the device is not enslaved, oif is still
0 so no affect.
Fixes: cd2fbe1b6b51 ("net: Use VRF device index for lookups on RX")
Reported-by: Xin Long <lucien.xin@gmail•com>
Signed-off-by: David Ahern <dsahern@gmail•com>
---
net/ipv4/fib_frontend.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/net/ipv4/fib_frontend.c b/net/ipv4/fib_frontend.c
index b21833651394..e46cdd310e5f 100644
--- a/net/ipv4/fib_frontend.c
+++ b/net/ipv4/fib_frontend.c
@@ -300,6 +300,7 @@ __be32 fib_compute_spec_dst(struct sk_buff *skb)
if (!ipv4_is_zeronet(ip_hdr(skb)->saddr)) {
struct flowi4 fl4 = {
.flowi4_iif = LOOPBACK_IFINDEX,
+ .flowi4_oif = l3mdev_master_ifindex_rcu(dev),
.daddr = ip_hdr(skb)->saddr,
.flowi4_tos = RT_TOS(ip_hdr(skb)->tos),
.flowi4_scope = scope,
--
2.11.0
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH net] net/ipv4: Set oif in fib_compute_spec_dst
2018-07-07 23:15 [PATCH net] net/ipv4: Set oif in fib_compute_spec_dst dsahern
@ 2018-07-08 1:55 ` David Miller
0 siblings, 0 replies; 2+ messages in thread
From: David Miller @ 2018-07-08 1:55 UTC (permalink / raw)
To: dsahern; +Cc: netdev, lucien.xin, dsahern
From: dsahern@kernel•org
Date: Sat, 7 Jul 2018 16:15:26 -0700
> From: David Ahern <dsahern@gmail•com>
>
> Xin reported that icmp replies may not use the address on the device the
> echo request is received if the destination address is broadcast. Instead
> a route lookup is done without considering VRF context. Fix by setting
> oif in flow struct to the master device if it is enslaved. That directs
> the lookup to the VRF table. If the device is not enslaved, oif is still
> 0 so no affect.
>
> Fixes: cd2fbe1b6b51 ("net: Use VRF device index for lookups on RX")
> Reported-by: Xin Long <lucien.xin@gmail•com>
> Signed-off-by: David Ahern <dsahern@gmail•com>
Applied and queued up for -stable, thanks David.
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2018-07-08 1:55 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2018-07-07 23:15 [PATCH net] net/ipv4: Set oif in fib_compute_spec_dst dsahern
2018-07-08 1:55 ` David Miller
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox