From patchwork Tue May 16 15:37:39 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Michael Ulmer X-Patchwork-Id: 763026 X-Patchwork-Delegate: davem@davemloft.net Return-Path: X-Original-To: patchwork-incoming@ozlabs.org Delivered-To: patchwork-incoming@ozlabs.org Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 3wS1mh5MJKz9s84 for ; Wed, 17 May 2017 01:37:56 +1000 (AEST) Authentication-Results: ozlabs.org; dkim=pass (1024-bit key; unprotected) header.d=cradlepoint.com header.i=@cradlepoint.com header.b="QDjCq28s"; dkim-atps=neutral Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752607AbdEPPht (ORCPT ); Tue, 16 May 2017 11:37:49 -0400 Received: from mail-bl2nam02on0126.outbound.protection.outlook.com ([104.47.38.126]:27552 "EHLO NAM02-BL2-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1752249AbdEPPhr (ORCPT ); Tue, 16 May 2017 11:37:47 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cradlepoint.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=1Dzz+DAfVaaAYF2Bu8Dg34f0O8VfQ1jjn1DMEwkpEK8=; b=QDjCq28sPD9D80h6iR4wxmKoUX8mOnVjxfy6YENTJFLTKLrJtcYUdZn702bwJ4GLnIKZg0jnTwF6U/hTplQerLBnJj0LFVaLqXfo5swc5BxvfWuFBzkeJX1yKGR3m5ItX2JGh/YnbfTtUsQiKqCHR9uzSBo4IIHq2vo6ZnWaEi0= Received: from MWHPR1201MB0173.namprd12.prod.outlook.com (10.174.99.7) by MWHPR1201MB0173.namprd12.prod.outlook.com (10.174.99.7) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1084.16; Tue, 16 May 2017 15:37:39 +0000 Received: from MWHPR1201MB0173.namprd12.prod.outlook.com ([10.174.99.7]) by MWHPR1201MB0173.namprd12.prod.outlook.com ([10.174.99.7]) with mapi id 15.01.1084.029; Tue, 16 May 2017 15:37:39 +0000 From: Michael Ulmer To: "netdev@vger.kernel.org" Subject: [Patch][IPv6] Fix wrong routing mechanism for Link Local IPv6 packets Thread-Topic: [Patch][IPv6] Fix wrong routing mechanism for Link Local IPv6 packets Thread-Index: AQHSzlopW73bKvfFJ0GNKrCWDcCEEg== Date: Tue, 16 May 2017 15:37:39 +0000 Message-ID: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: vger.kernel.org; dkim=none (message not signed) header.d=none;vger.kernel.org; dmarc=none action=none header.from=cradlepoint.com; x-originating-ip: [132.245.92.197] x-ms-publictraffictype: Email x-microsoft-exchange-diagnostics: 1; MWHPR1201MB0173; 7:IdMmVfgF71BkUmRoY2VVCFkaoW5ojXGcVtGmR1YYVsSw6xL9Ep92aGfmXGTv/ti9JT+T9LrHl2VDAQ3aTnwJRIYxkVnei7p5hzQ6xhZ+R1t6WA3WDJQJzOSCRTAW7cxov/h3V8ZZYIf4cKXm8wIcpi89SEAN1h02AQHiK3vcDGdMHmhwMrwZJSaosrwHITmgqIF6xoqZD6MQZjMCJ4vV5mVH0VLDLStg7MzHqlYhME3+UVsxXu0bACTN5QL62Y/53hRYtexOa+KiqOuSh3esqeeDHqKOL4RZj60A7faPO4/htUixkxJjJhgbLWhLNeKDsN1Nx923L5FwR5SGKspGFw== x-ms-office365-filtering-correlation-id: c4c89c7f-3cc9-4b5a-db8d-08d49c717c3f x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(22001)(2017030254075)(201703131423075)(201703031133081); SRVR:MWHPR1201MB0173; x-microsoft-antispam-prvs: x-exchange-antispam-report-test: UriScan:; x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(6040450)(601004)(2401047)(8121501046)(5005006)(10201501046)(93006095)(93001095)(3002001)(6041248)(20161123560025)(20161123555025)(20161123558100)(20161123564025)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(20161123562025)(6072148); SRVR:MWHPR1201MB0173; BCL:0; PCL:0; RULEID:; SRVR:MWHPR1201MB0173; x-forefront-prvs: 03094A4065 x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(6009001)(39840400002)(39400400002)(39450400003)(39410400002)(478600001)(81166006)(38730400002)(8676002)(1730700003)(9686003)(86362001)(3280700002)(7736002)(5640700003)(2351001)(122556002)(110136004)(77096006)(6506006)(8936002)(6436002)(25786009)(189998001)(3660700001)(2900100001)(33656002)(6116002)(305945005)(7696004)(6306002)(1720100001)(102836003)(3846002)(5660300001)(54356999)(50986999)(74316002)(6916009)(66066001)(55016002)(2906002)(99286003)(53936002)(2501003)(966005)(562404015); DIR:OUT; SFP:1102; SCL:1; SRVR:MWHPR1201MB0173; H:MWHPR1201MB0173.namprd12.prod.outlook.com; FPR:; SPF:None; MLV:sfv; LANG:en; spamdiagnosticoutput: 1:99 spamdiagnosticmetadata: NSPM MIME-Version: 1.0 X-OriginatorOrg: cradlepoint.com X-MS-Exchange-CrossTenant-originalarrivaltime: 16 May 2017 15:37:39.2947 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 1c02e371-8283-43fd-a70d-1e8e10c567ec X-MS-Exchange-Transport-CrossTenantHeadersStamped: MWHPR1201MB0173 Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org Blast from the past. 10 years back Wei Dong submitted the patch found (amongst several places) here: http://lists.openwall.net/netdev/2007/01/30/20 Problem: I have a firewall rule that DNATs ipv6 traffic from a destination address to ::1. The route lookup gives me the Main table & forwards that DNAT'd traffic instead of sending it to local process. Example: Looking at this from a netfilter point of view, a client (IP of fd00::5) requests a web page at [2000::25:0:0:1]:8080. The firewall rule DNATs it to ::1 (note that I threw a -j TRACE in raw's REROUTING). TRACE: nat:PREROUTING:rule:2 SRC=fd00::5 DST=2000::25:0:0:1 TRACE: mangle:FORWARD:rule:1 SRC=fd00::5 DST=::1 The patch is verbatim (as is the subject line for this email). Traffic DNAT'd to ::1 now goes to mangle's INPUT chain after routing decision. I'm not sure why it was removed--I'm assuming it was an accident--as I can't find a record in the mailing list archive. diff --git a/gpl/kernel/linux/net/ipv6/route.c b/gpl/kernel/linux/net/ipv6/route.c index 3809ca2..2a2563f 100644 --- a/gpl/kernel/linux/net/ipv6/route.c +++ b/gpl/kernel/linux/net/ipv6/route.c @@ -611,7 +611,7 @@ static int rt6_score_route(struct rt6_info *rt, int oif, int m; m = rt6_check_dev(rt, oif); - if (!m && (strict & RT6_LOOKUP_F_IFACE)) + if (!m && (rt->rt6i_flags & RTF_CACHE) && (strict & RT6_LOOKUP_F_IFACE)) return RT6_NUD_FAIL_HARD; #ifdef CONFIG_IPV6_ROUTER_PREF m |= IPV6_DECODE_PREF(IPV6_EXTRACT_PREF(rt->rt6i_flags)) << 2;