Message ID | 20180719194118.25346-1-dsahern@kernel.org |
---|---|
State | Accepted, archived |
Delegated to: | David Miller |
Headers | show |
Series | [net] net/ipv6: Fix linklocal to global address with VRF | expand |
From: dsahern@kernel.org Date: Thu, 19 Jul 2018 12:41:18 -0700 > From: David Ahern <dsahern@gmail.com> > > Example setup: > host: ip -6 addr add dev eth1 2001:db8:104::4 > where eth1 is enslaved to a VRF > > switch: ip -6 ro add 2001:db8:104::4/128 dev br1 > where br1 only has an LLA > > ping6 2001:db8:104::4 > ssh 2001:db8:104::4 > > (NOTE: UDP works fine if the PKTINFO has the address set to the global > address and ifindex is set to the index of eth1 with a destination an > LLA). > > For ICMP, icmp6_iif needs to be updated to check if skb->dev is an > L3 master. If it is then return the ifindex from rt6i_idev similar > to what is done for loopback. > > For TCP, restore the original tcp_v6_iif definition which is needed in > most places and add a new tcp_v6_iif_l3_slave that considers the > l3_slave variability. This latter check is only needed for socket > lookups. > > Fixes: 9ff74384600a ("net: vrf: Handle ipv6 multicast and link-local addresses") > Signed-off-by: David Ahern <dsahern@gmail.com> Applied and queued up for -stable. > Dave: I can look at the backports to stable if needed. Please do, that will help me a lot.
On 7/21/18 8:32 PM, David Miller wrote: > > Applied and queued up for -stable. > >> Dave: I can look at the backports to stable if needed. > > Please do, that will help me a lot. > It applies cleanly to 4.17 and 4.14. I tested 4.14 it is fine. Since 4.18 and 4.14 work I have no reason to believe 4.17 will have a problem. Only other relevant release is 4.9 which is handled by others. It needs some non-trivial work to backport so needs to wait until after PTO.
diff --git a/include/net/tcp.h b/include/net/tcp.h index 3482d13d655b..b073dca8f3ac 100644 --- a/include/net/tcp.h +++ b/include/net/tcp.h @@ -839,6 +839,11 @@ static inline void bpf_compute_data_end_sk_skb(struct sk_buff *skb) */ static inline int tcp_v6_iif(const struct sk_buff *skb) { + return TCP_SKB_CB(skb)->header.h6.iif; +} + +static inline int tcp_v6_iif_l3_slave(const struct sk_buff *skb) +{ bool l3_slave = ipv6_l3mdev_skb(TCP_SKB_CB(skb)->header.h6.flags); return l3_slave ? skb->skb_iif : TCP_SKB_CB(skb)->header.h6.iif; diff --git a/net/ipv6/icmp.c b/net/ipv6/icmp.c index be491bf6ab6e..ef2505aefc15 100644 --- a/net/ipv6/icmp.c +++ b/net/ipv6/icmp.c @@ -402,9 +402,10 @@ static int icmp6_iif(const struct sk_buff *skb) /* for local traffic to local address, skb dev is the loopback * device. Check if there is a dst attached to the skb and if so - * get the real device index. + * get the real device index. Same is needed for replies to a link + * local address on a device enslaved to an L3 master device */ - if (unlikely(iif == LOOPBACK_IFINDEX)) { + if (unlikely(iif == LOOPBACK_IFINDEX || netif_is_l3_master(skb->dev))) { const struct rt6_info *rt6 = skb_rt6_info(skb); if (rt6) diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c index 7efa9fd7e109..03e6b7a2bc53 100644 --- a/net/ipv6/tcp_ipv6.c +++ b/net/ipv6/tcp_ipv6.c @@ -938,7 +938,8 @@ static void tcp_v6_send_reset(const struct sock *sk, struct sk_buff *skb) &tcp_hashinfo, NULL, 0, &ipv6h->saddr, th->source, &ipv6h->daddr, - ntohs(th->source), tcp_v6_iif(skb), + ntohs(th->source), + tcp_v6_iif_l3_slave(skb), tcp_v6_sdif(skb)); if (!sk1) goto out; @@ -1609,7 +1610,8 @@ static int tcp_v6_rcv(struct sk_buff *skb) skb, __tcp_hdrlen(th), &ipv6_hdr(skb)->saddr, th->source, &ipv6_hdr(skb)->daddr, - ntohs(th->dest), tcp_v6_iif(skb), + ntohs(th->dest), + tcp_v6_iif_l3_slave(skb), sdif); if (sk2) { struct inet_timewait_sock *tw = inet_twsk(sk);