From patchwork Fri Apr 11 04:19:12 2014
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Lorenzo Colitti <lorenzo@google.com>
X-Patchwork-Id: 338343
X-Patchwork-Delegate: davem@davemloft.net
Return-Path: <netdev-owner@vger.kernel.org>
X-Original-To: patchwork-incoming@ozlabs.org
Delivered-To: patchwork-incoming@ozlabs.org
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by ozlabs.org (Postfix) with ESMTP id 182C7140084
	for <patchwork-incoming@ozlabs.org>;
	Fri, 11 Apr 2014 14:19:41 +1000 (EST)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1750828AbaDKETf (ORCPT <rfc822;patchwork-incoming@ozlabs.org>);
	Fri, 11 Apr 2014 00:19:35 -0400
Received: from mail-pa0-f49.google.com ([209.85.220.49]:62647 "EHLO
	mail-pa0-f49.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1750794AbaDKETe (ORCPT
	<rfc822;netdev@vger.kernel.org>); Fri, 11 Apr 2014 00:19:34 -0400
Received: by mail-pa0-f49.google.com with SMTP id lj1so4791884pab.8
	for <netdev@vger.kernel.org>; Thu, 10 Apr 2014 21:19:33 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=google.com; s=20120113;
	h=from:to:cc:subject:date:message-id;
	bh=VkwQ8vel0S4nmiU05WLWC9/v5q6W4sDFWPZYk/r+wHY=;
	b=Uzu/z7bGXl76TAEZGXr/Y/yp4+asSIvjLxZUUzT2W1bDXDM3QC8DpwfUbUwlp90mAO
	GDgQmff4zGfrbLK1t/w+4x77nvLtpfWEl1ZWLfguKMEakI4DB8E/R5Ya4KsckWtN0vsV
	DPjX77MT197OAPRKst0m+2b8ThJPF29+CiF3/7j5Db+OhyCfZH7Cr7716dzhoHUbIq32
	B3yZMiZsyk9cA/DlUknGIccMCSjA0mU9emlWwO6WSCw36KRUVXScSI9umyx2Aq9dEyzO
	6Wb+JqhOh/6d7is/Y3pMnKoouLyiO/hy5ccOugSSnTZDH/HRa3sfX+rOzC3TUlWw4lTw
	rdMw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20130820;
	h=x-gm-message-state:from:to:cc:subject:date:message-id;
	bh=VkwQ8vel0S4nmiU05WLWC9/v5q6W4sDFWPZYk/r+wHY=;
	b=V+s1cVrpks8U7IF/gBPd3cZ5rIoP5Ck5fu8qDKCx/kg4iTrqj5YD8LKv53MvZoKt77
	IHQjj/PvuxNnqYdPalq9hIWLlMrf2kpCEcMPBg+acqEbSk7lT5Pintm5ZfTpUDgeq/zx
	bvN2zGf1ODaw4TQle/uNEmmlGBZZm71ESM9O764qZ8troYlvZapYBb89bS4EFwGm8bBS
	HnWWQxmFut9ROkTtUhmokQGReQnz0yANiaiNZsbryjV7UyGWrS6F85mj8bAbB/JnMNBB
	aizlSZyHICV5TgSaDB/STXflwNM2g/jMEw0l5Lw0lJE48Qm1To/ptn/1v3GBpFO1h6ax
	fN1g==
X-Gm-Message-State: 
 ALoCoQnGbhMnXpy+E2YVvd4qOdj53xR/GZ3lJw9v4eQGYit3H+a8lozFi8Z+NSjvAT3fErvxhmc7pF1mOFk6NMf1NfBRWr6HhmePO6B29Fs7IFpxuVYist+B8/hMp3UKo6uc+irFVI+ZuZwcjvOnhKkjNEsZhgmTNstiuCrtJnT8oNuB6PksUO4uMq5LGGSGoh4Uga482alY4tGY59jx/DSf8MejWrYgx4rCyifUlzEoGECkPLAGnnE=
X-Received: by 10.69.31.42 with SMTP id kj10mr2538394pbd.165.1397189973491;
	Thu, 10 Apr 2014 21:19:33 -0700 (PDT)
Received: from flyingsaucer.corp.google.com
	(dhcp-172-23-69-128.tok.corp.google.com [172.23.69.128])
	by mx.google.com with ESMTPSA id
	qx11sm29477418pab.35.2014.04.10.21.19.31 for <multiple recipients>
	(version=TLSv1.1 cipher=ECDHE-RSA-RC4-SHA bits=128/128);
	Thu, 10 Apr 2014 21:19:32 -0700 (PDT)
From: Lorenzo Colitti <lorenzo@google.com>
To: netdev@vger.kernel.org
Cc: hannes@stressinduktion.org, davem@davemloft.net,
	wangyufen@huawei.com, Lorenzo Colitti <lorenzo@google.com>
Subject: [PATCH net] net: ipv6: Fix oif in TCP SYN+ACK route lookup.
Date: Fri, 11 Apr 2014 13:19:12 +0900
Message-Id: <1397189952-31438-1-git-send-email-lorenzo@google.com>
X-Mailer: git-send-email 1.9.1.423.g4596e3a
Sender: netdev-owner@vger.kernel.org
Precedence: bulk
List-ID: <netdev.vger.kernel.org>
X-Mailing-List: netdev@vger.kernel.org

net-next commit 9c76a11, ipv6: tcp_ipv6 policy route issue, had
a boolean logic error that caused incorrect behaviour for TCP
SYN+ACK when oif-based rules are in use. Specifically:

1. If a SYN comes in from a global address, and sk_bound_dev_if
   is not set, the routing lookup has oif set to the interface
   the SYN came in on. Instead, it should have oif unset,
   because for global addresses, the incoming interface doesn't
   necessarily have any bearing on the interface the SYN+ACK is
   sent out on.
2. If a SYN comes in from a link-local address, and
   sk_bound_dev_if is set, the routing lookup has oif set to the
   interface the SYN came in on. Instead, it should have oif set
   to sk_bound_dev_if, because that's what the application
   requested.

Signed-off-by: Lorenzo Colitti <lorenzo@google.com>
Acked-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
---
 net/ipv6/tcp_ipv6.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c
index 5ca56ce..e289830 100644
--- a/net/ipv6/tcp_ipv6.c
+++ b/net/ipv6/tcp_ipv6.c
@@ -798,7 +798,7 @@ static void tcp_v6_send_response(struct sk_buff *skb, u32 seq, u32 ack, u32 win,
 	__tcp_v6_send_check(buff, &fl6.saddr, &fl6.daddr);
 
 	fl6.flowi6_proto = IPPROTO_TCP;
-	if (rt6_need_strict(&fl6.daddr) || !oif)
+	if (rt6_need_strict(&fl6.daddr) && !oif)
 		fl6.flowi6_oif = inet6_iif(skb);
 	else
 		fl6.flowi6_oif = oif;