From: Mike Manning <mmanning@vyatta.att-mail.com>
To: netdev@vger.kernel.org
Cc: Dewi Morgan <morgand@vyatta.att-mail.com>
Subject: [PATCH net-next v3 8/9] ipv6: handling of multicast packets received in VRF
Date: Thu,  4 Oct 2018 16:12:13 +0100
Message-ID: <20181004151214.8522-9-mmanning@vyatta.att-mail.com>
In-Reply-To: <20181004151214.8522-1-mmanning@vyatta.att-mail.com>

If the skb for multicast packets marked as enslaved to a VRF are
received, then the secondary device index should be used to obtain
the real device. And verify the multicast address against the
enslaved rather than the l3mdev device.

Signed-off-by: Dewi Morgan <morgand@vyatta.att-mail.com>
Signed-off-by: Mike Manning <mmanning@vyatta.att-mail.com>
---
 net/ipv6/ip6_input.c | 35 ++++++++++++++++++++++++++++++++---
 1 file changed, 32 insertions(+), 3 deletions(-)

diff --git a/net/ipv6/ip6_input.c b/net/ipv6/ip6_input.c
index 96577e742afd..df58e1100226 100644
--- a/net/ipv6/ip6_input.c
+++ b/net/ipv6/ip6_input.c
@@ -359,6 +359,8 @@ static int ip6_input_finish(struct net *net, struct sock *sk, struct sk_buff *sk
 			}
 		} else if (ipprot->flags & INET6_PROTO_FINAL) {
 			const struct ipv6hdr *hdr;
+			int sdif = inet6_sdif(skb);
+			struct net_device *dev;
 
 			/* Only do this once for first final protocol */
 			have_final = true;
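
Review bot: The two new declarations in the INET6_PROTO_FINAL block break the reverse Christmas tree ordering that netdev expects for local variables: "int sdif = inet6_sdif(skb);" is the longest line but sits below "const struct ipv6hdr *hdr;". The ip6_mc_input() hunk in this same patch already puts sdif first, so moving the sdif line above hdr here would make the two functions consistent.
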
@@ -371,9 +373,19 @@ static int ip6_input_finish(struct net *net, struct sock *sk, struct sk_buff *sk
 			skb_postpull_rcsum(skb, skb_network_header(skb),
 					   skb_network_header_len(skb));
 			hdr = ipv6_hdr(skb);
+
+			/* skb->dev passed may be master dev for vrfs. */
+			if (sdif) {
+				dev = dev_get_by_index_rcu(net, sdif);
+				if (!dev)
+					goto discard;
+			} else {
+				dev = skb->dev;
+			}
+
 			if (ipv6_addr_is_multicast(&hdr->daddr) &&
-			    !ipv6_chk_mcast_addr(skb->dev, &hdr->daddr,
-			    &hdr->saddr) &&
+			    !ipv6_chk_mcast_addr(dev, &hdr->daddr,
+						 &hdr->saddr) &&
 			    !ipv6_is_mld(skb, nexthdr, skb_network_header_len(skb)))
 				goto discard;
 		}
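
Review bot: The device lookup under "if (sdif)" runs before the ipv6_addr_is_multicast() test, so a unicast packet whose secondary index no longer resolves now hits "goto discard" even though dev is only consumed by ipv6_chk_mcast_addr(). Consider doing the lookup only when the destination is multicast, so the new failure path stays limited to the case the commit message describes. Unlike the ip6_mc_input() hunk, no rcu_read_lock() is taken around dev_get_by_index_rcu() here; if that relies on the caller already being in an RCU read-side section, the comment above the lookup should say so.
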
@@ -432,15 +444,32 @@ EXPORT_SYMBOL_GPL(ip6_input);
 
 int ip6_mc_input(struct sk_buff *skb)
 {
+	int sdif = inet6_sdif(skb);
 	const struct ipv6hdr *hdr;
+	struct net_device *dev;
 	bool deliver;
 
 	__IP6_UPD_PO_STATS(dev_net(skb_dst(skb)->dev),
 			 __in6_dev_get_safely(skb->dev), IPSTATS_MIB_INMCAST,
 			 skb->len);
 
+	/* skb->dev passed may be master dev for vrfs. */
+	if (sdif) {
+		rcu_read_lock();
+		dev = dev_get_by_index_rcu(dev_net(skb->dev), sdif);
+		if (!dev) {
+			rcu_read_unlock();
+			kfree_skb(skb);
+			return -ENODEV;
+		}
+	} else {
+		dev = skb->dev;
+	}
+
 	hdr = ipv6_hdr(skb);
-	deliver = ipv6_chk_mcast_addr(skb->dev, &hdr->daddr, NULL);
+	deliver = ipv6_chk_mcast_addr(dev, &hdr->daddr, NULL);
+	if (sdif)
+		rcu_read_unlock();
 
 #ifdef CONFIG_IPV6_MROUTE
 	/*
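
Review bot: The "return -ENODEV" path in ip6_mc_input() frees the skb without updating any drop counter, although IPSTATS_MIB_INMCAST has already been incremented a few lines earlier against __in6_dev_get_safely(skb->dev), which is still the device the patch comment says may be the VRF master. Consider accounting the drop on this path and checking whether the multicast statistics should use the resolved dev as well. The locking is also split across two "if (sdif)" tests (rcu_read_lock() before the lookup, rcu_read_unlock() after ipv6_chk_mcast_addr()); taking the lock unconditionally, or moving the lookup into a small helper shared with ip6_input_finish(), would remove the duplicated block and make the lock/unlock pairing easier to audit.
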
-- 
2.11.0

Thread overview: 12+ messages
2018-10-04 15:12 [PATCH net-next v3 0/9] vrf: allow simultaneous service instances in default and other VRFs Mike Manning
2018-10-04 15:12 ` [PATCH net-next v3 1/9] net: allow binding socket in a VRF when there's an unbound socket Mike Manning
2018-10-04 15:12 ` [PATCH net-next v3 2/9] net: ensure unbound stream socket to be chosen when not in a VRF Mike Manning
2018-10-04 15:12 ` [PATCH net-next v3 3/9] net: ensure unbound datagram " Mike Manning
2018-10-04 15:12 ` [PATCH net-next v3 4/9] net: provide a sysctl raw_l3mdev_accept for raw socket lookup with VRFs Mike Manning
2018-10-04 15:12 ` [PATCH net-next v3 5/9] net: fix raw socket lookup device bind matching " Mike Manning
2018-10-04 15:12 ` [PATCH net-next v3 6/9] vrf: mark skb for multicast or link-local as enslaved to VRF Mike Manning
2018-10-04 15:12 ` [PATCH net-next v3 7/9] ipv6: allow ping to link-local address in VRF Mike Manning
2018-10-04 15:12 ` Mike Manning [this message]
2018-10-04 15:12 ` [PATCH net-next v3 9/9] ipv6: do not drop vrf udp multicast packets Mike Manning
2018-10-05 21:43 ` [PATCH net-next v3 0/9] vrf: allow simultaneous service instances in default and other VRFs David Miller
2018-10-05 23:49   ` David Ahern
