[thirdparty/kernel/stable-queue.git] / releases / 5.1.7 / ipv6-fix-redirect-with-vrf.patch

From foo@baz Fri 31 May 2019 03:16:39 PM PDT
From: David Ahern <dsahern@gmail.com>
Date: Wed, 22 May 2019 15:12:18 -0700
Subject: ipv6: Fix redirect with VRF

From: David Ahern <dsahern@gmail.com>

[ Upstream commit 31680ac265802397937d75461a2809a067b9fb93 ]

IPv6 redirect is broken for VRF. __ip6_route_redirect walks the FIB
entries looking for an exact match on ifindex. With VRF the flowi6_oif
is updated by l3mdev_update_flow to the l3mdev index and the
FLOWI_FLAG_SKIP_NH_OIF set in the flags to tell the lookup to skip the
device match. For redirects the device match is requires so use that
flag to know when the oif needs to be reset to the skb device index.

Fixes: ca254490c8df ("net: Add VRF support to IPv6 stack")
Signed-off-by: David Ahern <dsahern@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 net/ipv6/route.c |    6 ++++++
 1 file changed, 6 insertions(+)

--- a/net/ipv6/route.c
+++ b/net/ipv6/route.c
@@ -2442,6 +2442,12 @@ static struct rt6_info *__ip6_route_redi
 	struct fib6_info *rt;
 	struct fib6_node *fn;
 
+	/* l3mdev_update_flow overrides oif if the device is enslaved; in
+	 * this case we must match on the real ingress device, so reset it
+	 */
+	if (fl6->flowi6_flags & FLOWI_FLAG_SKIP_NH_OIF)
+		fl6->flowi6_oif = skb->dev->ifindex;
+
 	/* Get the "current" route for this destination and
 	 * check if the redirect has come from appropriate router.
 	 *
Commit	Line	Data
ffc20820 GKH	1	From foo@baz Fri 31 May 2019 03:16:39 PM PDT
	2	From: David Ahern <dsahern@gmail.com>
	3	Date: Wed, 22 May 2019 15:12:18 -0700
	4	Subject: ipv6: Fix redirect with VRF
	5
	6	From: David Ahern <dsahern@gmail.com>
	7
	8	[ Upstream commit 31680ac265802397937d75461a2809a067b9fb93 ]
	9
	10	IPv6 redirect is broken for VRF. __ip6_route_redirect walks the FIB
	11	entries looking for an exact match on ifindex. With VRF the flowi6_oif
	12	is updated by l3mdev_update_flow to the l3mdev index and the
	13	FLOWI_FLAG_SKIP_NH_OIF set in the flags to tell the lookup to skip the
	14	device match. For redirects the device match is requires so use that
	15	flag to know when the oif needs to be reset to the skb device index.
	16
	17	Fixes: ca254490c8df ("net: Add VRF support to IPv6 stack")
	18	Signed-off-by: David Ahern <dsahern@gmail.com>
	19	Signed-off-by: David S. Miller <davem@davemloft.net>
	20	Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	21	---
	22	net/ipv6/route.c \| 6 ++++++
	23	1 file changed, 6 insertions(+)
	24
	25	--- a/net/ipv6/route.c
	26	+++ b/net/ipv6/route.c
	27	@@ -2442,6 +2442,12 @@ static struct rt6_info *__ip6_route_redi
	28	struct fib6_info *rt;
	29	struct fib6_node *fn;
	30
	31	+ /* l3mdev_update_flow overrides oif if the device is enslaved; in
	32	+ * this case we must match on the real ingress device, so reset it
	33	+ */
	34	+ if (fl6->flowi6_flags & FLOWI_FLAG_SKIP_NH_OIF)
	35	+ fl6->flowi6_oif = skb->dev->ifindex;
	36	+
	37	/* Get the "current" route for this destination and
	38	* check if the redirect has come from appropriate router.
	39	*