| Message ID | 20180206201412.11580-1-dsahern@gmail.com |
|---|---|
| State | Accepted, archived |
| Delegated to: | David Miller |
| Headers | show |
| Series | [net] net/ipv6: Handle reject routes with onlink flag | expand |
From: David Ahern <dsahern@gmail.com> Date: Tue, 6 Feb 2018 12:14:12 -0800 > Verification of nexthops with onlink flag need to handle unreachable > routes. The lookup is only intended to validate the gateway address > is not a local address and if the gateway resolves the egress device > must match the given device. Hence, hitting any default reject route > is ok. > > Fixes: fc1e64e1092f ("net/ipv6: Add support for onlink flag") > Signed-off-by: David Ahern <dsahern@gmail.com> Applied.
diff --git a/net/ipv6/route.c b/net/ipv6/route.c index fb2d251c0500..69c43d289c69 100644 --- a/net/ipv6/route.c +++ b/net/ipv6/route.c @@ -2488,7 +2488,8 @@ static int ip6_route_check_nh_onlink(struct net *net, err = 0; grt = ip6_nh_lookup_table(net, cfg, gw_addr, tbid, 0); if (grt) { - if (grt->rt6i_flags & flags || dev != grt->dst.dev) { + if (!grt->dst.error && + (grt->rt6i_flags & flags || dev != grt->dst.dev)) { NL_SET_ERR_MSG(extack, "Nexthop has invalid gateway"); err = -EINVAL; }
Verification of nexthops with onlink flag need to handle unreachable routes. The lookup is only intended to validate the gateway address is not a local address and if the gateway resolves the egress device must match the given device. Hence, hitting any default reject route is ok. Fixes: fc1e64e1092f ("net/ipv6: Add support for onlink flag") Signed-off-by: David Ahern <dsahern@gmail.com> --- net/ipv6/route.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)