@@ -3637,13 +3637,12 @@ static int inet6_rtm_getroute(struct sk_buff *in_skb, struct nlmsghdr *nlh,
dst = ip6_route_lookup(net, &fl6, 0);
rt = container_of(dst, struct rt6_info, dst);
- if (rt->dst.error) {
- err = rt->dst.error;
- ip6_rt_put(rt);
- goto errout;
- }
-
- if (rt == net->ipv6.ip6_null_entry) {
+ if (rt->dst.error &&
+#ifdef CONFIG_IPV6_MULTIPLE_TABLES
+ rt != net->ipv6.ip6_prohibit_entry &&
+ rt != net->ipv6.ip6_blk_hole_entry &&
+#endif
+ rt != net->ipv6.ip6_null_entry) {
err = rt->dst.error;
ip6_rt_put(rt);
goto errout;
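Review bot: The new test at `if (rt->dst.error && ...` lets ip6_prohibit_entry and ip6_blk_hole_entry fall through to the reply path, but the description only argues that ip6_null_entry is safe to dump (rt6i_idev initialised by the two cited commits). It is worth confirming that the same initialisation covers the other two sentinel entries, since the code that fills the reply is outside this hunk and presumably reads fields of rt. A short comment above the test would record the intent, e.g. `/* Reject entries carry dst.error but are reported to the caller as routes, not as a netlink error. */`. The `#ifdef CONFIG_IPV6_MULTIPLE_TABLES` spliced into the middle of the condition is also hard to read; a small static helper that says whether rt is one of the sentinel entries would keep the preprocessor out of the expression. The body of inet6_rtm_getroute starts and ends outside the hunk.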
After commit 18c3a61c4264 ("net: ipv6: RTM_GETROUTE: return matched fib result when requested"), when we get a prohibit entry, we return -EACCES directly. Before: + ip netns exec client ip -6 route get 2003::1 prohibit 2003::1 dev lo table unspec proto kernel src 2001::1 metric 4294967295 error -13 After: + ip netns exec server ip -6 route get 2002::1 RTNETLINK answers: Permission denied Fix this by adding prohibit and blk hole checks. At the same time, after commit 2f460933f58e ("ipv6: initialize route null entry in addrconf_init()") and 242d3a49a2a1 ("ipv6: reorder ip6_route_dev_notifier after ipv6_dev_notf"), we init rt6i_idev correctly, so we can dump ip6_null_entry (unreachable route entry) safely now. Fixes: 18c3a61c4264 ("net: ipv6: RTM_GETROUTE: return matched fib...") Signed-off-by: Hangbin Liu <liuhangbin@gmail.com> --- net/ipv6/route.c | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-)