diff mbox series

[net] vrf: check the original netdevice for generating redirect

Message ID 1527825921-17677-1-git-send-email-ssuryaextr@gmail.com
State Accepted, archived
Delegated to: David Miller
Headers show
Series [net] vrf: check the original netdevice for generating redirect | expand

Commit Message

Stephen Suryaputra June 1, 2018, 4:05 a.m. UTC 
Use the right device to determine if redirect should be sent especially
when using vrf. Same as well as when sending the redirect.

Signed-off-by: Stephen Suryaputra <ssuryaextr@gmail.com>
---
 net/ipv6/ip6_output.c | 3 ++-
 net/ipv6/ndisc.c      | 6 ++++++
 2 files changed, 8 insertions(+), 1 deletion(-)

Comments

David Miller June 3, 2018, 2:34 p.m. UTC | #1 
From: Stephen Suryaputra <ssuryaextr@gmail.com>
Date: Fri,  1 Jun 2018 00:05:21 -0400

> Use the right device to determine if redirect should be sent especially
> when using vrf. Same as well as when sending the redirect.
> 
> Signed-off-by: Stephen Suryaputra <ssuryaextr@gmail.com>

David A., please review.
David Ahern June 3, 2018, 3:31 p.m. UTC | #2 
On 5/31/18 10:05 PM, Stephen Suryaputra wrote:
> Use the right device to determine if redirect should be sent especially
> when using vrf. Same as well as when sending the redirect.
> 
> Signed-off-by: Stephen Suryaputra <ssuryaextr@gmail.com>
> ---
>  net/ipv6/ip6_output.c | 3 ++-
>  net/ipv6/ndisc.c      | 6 ++++++
>  2 files changed, 8 insertions(+), 1 deletion(-)

skb->dev in this path is set to the vrf device if applicable, so yes the
change is needed. Thanks for the fix.

Acked-by: David Ahern <dsahern@gmail.com>
diff mbox series

Patch

diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c
index 7b6d168..af49f6c 100644
--- a/net/ipv6/ip6_output.c
+++ b/net/ipv6/ip6_output.c
@@ -507,7 +507,8 @@  int ip6_forward(struct sk_buff *skb)
 	   send redirects to source routed frames.
 	   We don't send redirects to frames decapsulated from IPsec.
 	 */
-	if (skb->dev == dst->dev && opt->srcrt == 0 && !skb_sec_path(skb)) {
+	if (IP6CB(skb)->iif == dst->dev->ifindex &&
+	    opt->srcrt == 0 && !skb_sec_path(skb)) {
 		struct in6_addr *target = NULL;
 		struct inet_peer *peer;
 		struct rt6_info *rt;
diff --git a/net/ipv6/ndisc.c b/net/ipv6/ndisc.c
index 9de4dfb1..525051a 100644
--- a/net/ipv6/ndisc.c
+++ b/net/ipv6/ndisc.c
@@ -1576,6 +1576,12 @@  void ndisc_send_redirect(struct sk_buff *skb, const struct in6_addr *target)
 	   ops_data_buf[NDISC_OPS_REDIRECT_DATA_SPACE], *ops_data = NULL;
 	bool ret;
 
+	if (netif_is_l3_master(skb->dev)) {
+		dev = __dev_get_by_index(dev_net(skb->dev), IPCB(skb)->iif);
+		if (!dev)
+			return;
+	}
+
 	if (ipv6_get_lladdr(dev, &saddr_buf, IFA_F_TENTATIVE)) {
 		ND_PRINTK(2, warn, "Redirect: no link-local address on %s\n",
 			  dev->name);