| Message ID | 1397189952-31438-1-git-send-email-lorenzo@google.com |
|---|---|
| State | Accepted, archived |
| Delegated to: | David Miller |
| Headers | show |
On Fri, Apr 11, 2014 at 01:19:12PM +0900, Lorenzo Colitti wrote: > net-next commit 9c76a11, ipv6: tcp_ipv6 policy route issue, had > a boolean logic error that caused incorrect behaviour for TCP > SYN+ACK when oif-based rules are in use. Specifically: > > 1. If a SYN comes in from a global address, and sk_bound_dev_if > is not set, the routing lookup has oif set to the interface > the SYN came in on. Instead, it should have oif unset, > because for global addresses, the incoming interface doesn't > necessarily have any bearing on the interface the SYN+ACK is > sent out on. > 2. If a SYN comes in from a link-local address, and > sk_bound_dev_if is set, the routing lookup has oif set to the > interface the SYN came in on. Instead, it should have oif set > to sk_bound_dev_if, because that's what the application > requested. > > Signed-off-by: Lorenzo Colitti <lorenzo@google.com> Acked-by: Hannes Frederic Sowa <hannes@stressinduktion.org> Thanks, Hannes -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
From: Lorenzo Colitti <lorenzo@google.com> Date: Fri, 11 Apr 2014 13:19:12 +0900 > net-next commit 9c76a11, ipv6: tcp_ipv6 policy route issue, had > a boolean logic error that caused incorrect behaviour for TCP > SYN+ACK when oif-based rules are in use. Specifically: > > 1. If a SYN comes in from a global address, and sk_bound_dev_if > is not set, the routing lookup has oif set to the interface > the SYN came in on. Instead, it should have oif unset, > because for global addresses, the incoming interface doesn't > necessarily have any bearing on the interface the SYN+ACK is > sent out on. > 2. If a SYN comes in from a link-local address, and > sk_bound_dev_if is set, the routing lookup has oif set to the > interface the SYN came in on. Instead, it should have oif set > to sk_bound_dev_if, because that's what the application > requested. > > Signed-off-by: Lorenzo Colitti <lorenzo@google.com> Applied, thank you. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c index 5ca56ce..e289830 100644 --- a/net/ipv6/tcp_ipv6.c +++ b/net/ipv6/tcp_ipv6.c @@ -798,7 +798,7 @@ static void tcp_v6_send_response(struct sk_buff *skb, u32 seq, u32 ack, u32 win, __tcp_v6_send_check(buff, &fl6.saddr, &fl6.daddr); fl6.flowi6_proto = IPPROTO_TCP; - if (rt6_need_strict(&fl6.daddr) || !oif) + if (rt6_need_strict(&fl6.daddr) && !oif) fl6.flowi6_oif = inet6_iif(skb); else fl6.flowi6_oif = oif;
net-next commit 9c76a11, ipv6: tcp_ipv6 policy route issue, had a boolean logic error that caused incorrect behaviour for TCP SYN+ACK when oif-based rules are in use. Specifically: 1. If a SYN comes in from a global address, and sk_bound_dev_if is not set, the routing lookup has oif set to the interface the SYN came in on. Instead, it should have oif unset, because for global addresses, the incoming interface doesn't necessarily have any bearing on the interface the SYN+ACK is sent out on. 2. If a SYN comes in from a link-local address, and sk_bound_dev_if is set, the routing lookup has oif set to the interface the SYN came in on. Instead, it should have oif set to sk_bound_dev_if, because that's what the application requested. Signed-off-by: Lorenzo Colitti <lorenzo@google.com> --- net/ipv6/tcp_ipv6.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)