From patchwork Wed Jul 15 19:56:26 2015
X-Patchwork-Submitter: Phil Sutter
X-Patchwork-Id: 495990
X-Patchwork-Delegate: davem@davemloft.net
From: Phil Sutter
To: netdev@vger.kernel.org
Cc: David Miller , Florian Westphal
Subject: [PATCH net-next] net/ipv6: update flowi6_oif in ip6_dst_lookup_flow if not set
Date: Wed, 15 Jul 2015 21:56:26 +0200
Message-Id: <1436990186-31586-1-git-send-email-phil@nwl.cc>
X-Mailing-List: netdev@vger.kernel.org

Newly created flows don't have flowi6_oif set (at least if the
associated socket is not interface-bound). This leads to a mismatch in
__xfrm6_selector_match() for policies which specify an interface in the
selector (sel->ifindex != 0).

Backtracing shows this happens in code-paths originating from e.g.
ip6_datagram_connect(), rawv6_sendmsg() or tcp_v6_connect(). (UDP was
not tested for.)

In summary, this patch fixes policy matching on outgoing interface for
locally generated packets.

Signed-off-by: Phil Sutter --- net/ipv6/ip6_output.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c index d5f7716..c5fc852 100644 --- a/net/ipv6/ip6_output.c +++ b/net/ipv6/ip6_output.c @@ -1023,6 +1023,8 @@ struct dst_entry *ip6_dst_lookup_flow(struct sock *sk, struct flowi6 *fl6, return ERR_PTR(err); if (final_dst) fl6->daddr = *final_dst; + if (!fl6->flowi6_oif) + fl6->flowi6_oif = dst->dev->ifindex; return xfrm_lookup_route(sock_net(sk), dst, flowi6_to_flowi(fl6), sk, 0); }
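
Review bot: The added assignment "fl6->flowi6_oif = dst->dev->ifindex;" just before the xfrm_lookup_route() call writes into the caller's flowi6, so the interface chosen by this one route lookup stays in the flow after ip6_dst_lookup_flow() returns. For an unbound socket, any caller that reuses the same fl6 for a later lookup would then be working with a non-zero oif it never asked for, which is a behaviour change beyond the xfrm selector match the commit message describes. Consider passing xfrm_lookup_route() a local copy of the flow with the oif filled in, or restoring the field afterwards, and add a short comment above the new lines saying the oif is set only so that policies with sel->ifindex != 0 can match. The commit message also notes UDP was not tested; since the change sits in a shared lookup helper, it would be worth confirming that path before merging.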