From patchwork Mon Oct 1 08:43:16 2018
X-Patchwork-Submitter: Mike Manning
X-Patchwork-Id: 977053
X-Patchwork-Delegate: davem@davemloft.net
From: Mike Manning
To: netdev@vger.kernel.org
Cc: Duncan Eastoe
Subject: [PATCH net-next v2 06/10] net: IP[V6]_MULTICAST_IF constraint on unbound socket if VRFs present
Date: Mon, 1 Oct 2018 09:43:16 +0100
Message-Id: <20181001084320.32453-7-mmanning@vyatta.att-mail.com>
In-Reply-To: <20181001084320.32453-1-mmanning@vyatta.att-mail.com>
References: <20181001084320.32453-1-mmanning@vyatta.att-mail.com>

From: Duncan Eastoe

If setsockopt(IP_MULTICAST_IF) or setsockopt(IPV6_MULTICAST_IF) is
called on a socket which is not bound to a VRF then we should ensure
that the output device chosen is also not bound to a VRF master. This
avoids inadvertently sending traffic out of the wrong interface.

This can be particularly problematic for IP_MULTICAST_IF since the
interface lookup can be performed by address as well as ifindex. If
there are interfaces with the same address, one unbound and one bound
to a VRF, then the interface bound to the VRF may be chosen when the
sockopt is called on an unbound socket.

Signed-off-by: Duncan Eastoe
Signed-off-by: Mike Manning
--- net/ipv4/ip_sockglue.c | 3 +++ net/ipv6/ipv6_sockglue.c | 3 +++ 2 files changed, 6 insertions(+) diff --git a/net/ipv4/ip_sockglue.c b/net/ipv4/ip_sockglue.c index c0fe5ad996f2..026971314c43 100644 --- a/net/ipv4/ip_sockglue.c +++ b/net/ipv4/ip_sockglue.c @@ -892,6 +892,9 @@ static int do_ip_setsockopt(struct sock *sk, int level, dev_put(dev); err = -EINVAL; + if (!sk->sk_bound_dev_if && midx) + break; + if (sk->sk_bound_dev_if && mreq.imr_ifindex != sk->sk_bound_dev_if && (!midx || midx != sk->sk_bound_dev_if)) diff --git a/net/ipv6/ipv6_sockglue.c b/net/ipv6/ipv6_sockglue.c index c0cac9cc3a28..7dfbc797b130 100644 --- a/net/ipv6/ipv6_sockglue.c +++ b/net/ipv6/ipv6_sockglue.c @@ -626,6 +626,9 @@ static int do_ipv6_setsockopt(struct sock *sk, int level, int optname, rcu_read_unlock(); + if (!sk->sk_bound_dev_if && midx) + goto e_inval; + if (sk->sk_bound_dev_if && sk->sk_bound_dev_if != val && (!midx || midx != sk->sk_bound_dev_if))
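
Review bot: In the do_ip_setsockopt() hunk, the new `if (!sk->sk_bound_dev_if && midx) break;` rejects every device for which midx is non-zero whenever the socket is unbound, which includes a device the caller named explicitly through mreq.imr_ifindex, while the commit message only motivates the case where an address lookup picks the wrong one of two interfaces sharing an address. If rejecting the explicit-ifindex case is intended, state that in the commit message and add a one-line comment above the check, because callers that select a VRF-enslaved interface on an unbound socket will now get -EINVAL. In the duplicate-address case the call also fails outright rather than falling back to the interface that is not enslaved; that is worth stating as the expected behaviour.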
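
Review bot: In the do_ipv6_setsockopt() hunk, the added `if (!sk->sk_bound_dev_if && midx) goto e_inval;` duplicates the test added to do_ip_setsockopt() and carries no comment, and the condition that follows it tests the same two values (sk->sk_bound_dev_if and midx), so one rule is split across two undocumented ifs. Consider a short comment stating the rule (an unbound socket may not select a device that has a VRF master), or a small helper shared by both files so the IPv4 and IPv6 paths cannot drift apart. The commit message describes the address-lookup ambiguity only for IP_MULTICAST_IF, and this path compares against the ifindex in val, so the message should say that the IPv6 change is made for consistency rather than to fix that ambiguity.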