From mboxrd@z Thu Jan  1 00:00:00 1970
From: Mike Manning <mmanning@vyatta.att-mail.com>
Subject: [PATCH net-next v3 8/9] ipv6: handling of multicast packets received in VRF
Date: Thu,  4 Oct 2018 16:12:13 +0100
Message-ID: <20181004151214.8522-9-mmanning@vyatta.att-mail.com>
References: <20181004151214.8522-1-mmanning@vyatta.att-mail.com>
Cc: Dewi Morgan <morgand@vyatta.att-mail.com>
To: netdev@vger.kernel.org
Return-path: <netdev-owner@vger.kernel.org>
Received: from mx0a-00191d01.pphosted.com ([67.231.149.140]:44714 "EHLO
        mx0a-00191d01.pphosted.com" rhost-flags-OK-OK-OK-OK)
        by vger.kernel.org with ESMTP id S1727719AbeJDWGY (ORCPT
        <rfc822;netdev@vger.kernel.org>); Thu, 4 Oct 2018 18:06:24 -0400
Received: from pps.filterd (m0049295.ppops.net [127.0.0.1])
        by m0049295.ppops.net-00191d01. (8.16.0.22/8.16.0.22) with SMTP id w94F9PqP006047
        for <netdev@vger.kernel.org>; Thu, 4 Oct 2018 11:12:41 -0400
Received: from alpi155.enaf.aldc.att.com (sbcsmtp7.sbc.com [144.160.229.24])
        by m0049295.ppops.net-00191d01. with ESMTP id 2mwn3c0k6f-1
        (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT)
        for <netdev@vger.kernel.org>; Thu, 04 Oct 2018 11:12:41 -0400
Received: from enaf.aldc.att.com (localhost [127.0.0.1])
        by alpi155.enaf.aldc.att.com (8.14.5/8.14.5) with ESMTP id w94FCeG4015295
        for <netdev@vger.kernel.org>; Thu, 4 Oct 2018 11:12:40 -0400
Received: from zlp27128.vci.att.com (zlp27128.vci.att.com [135.66.87.50])
        by alpi155.enaf.aldc.att.com (8.14.5/8.14.5) with ESMTP id w94FCZEK015135
        for <netdev@vger.kernel.org>; Thu, 4 Oct 2018 11:12:35 -0400
Received: from zlp27128.vci.att.com (zlp27128.vci.att.com [127.0.0.1])
        by zlp27128.vci.att.com (Service) with ESMTP id 1303A4039447
        for <netdev@vger.kernel.org>; Thu,  4 Oct 2018 15:12:35 +0000 (GMT)
Received: from mlpi432.sfdc.sbc.com (unknown [144.151.223.11])
        by zlp27128.vci.att.com (Service) with ESMTP id EB01D4000694
        for <netdev@vger.kernel.org>; Thu,  4 Oct 2018 15:12:34 +0000 (GMT)
Received: from sfdc.sbc.com (localhost [127.0.0.1])
        by mlpi432.sfdc.sbc.com (8.14.5/8.14.5) with ESMTP id w94FCYhS021158
        for <netdev@vger.kernel.org>; Thu, 4 Oct 2018 11:12:34 -0400
Received: from mail.eng.vyatta.net (mail.eng.vyatta.net [10.156.50.82])
        by mlpi432.sfdc.sbc.com (8.14.5/8.14.5) with ESMTP id w94FCUUJ021024
        for <netdev@vger.kernel.org>; Thu, 4 Oct 2018 11:12:30 -0400
In-Reply-To: <20181004151214.8522-1-mmanning@vyatta.att-mail.com>
Sender: netdev-owner@vger.kernel.org
List-ID: <netdev.vger.kernel.org>

If the skb for multicast packets marked as enslaved to a VRF are
received, then the secondary device index should be used to obtain
the real device. And verify the multicast address against the
enslaved rather than the l3mdev device.

Signed-off-by: Dewi Morgan <morgand@vyatta.att-mail.com>
Signed-off-by: Mike Manning <mmanning@vyatta.att-mail.com>
---
 net/ipv6/ip6_input.c | 35 ++++++++++++++++++++++++++++++++---
 1 file changed, 32 insertions(+), 3 deletions(-)

diff --git a/net/ipv6/ip6_input.c b/net/ipv6/ip6_input.c
index 96577e742afd..df58e1100226 100644
--- a/net/ipv6/ip6_input.c
+++ b/net/ipv6/ip6_input.c
@@ -359,6 +359,8 @@ static int ip6_input_finish(struct net *net, struct sock *sk, struct sk_buff *sk
 			}
 		} else if (ipprot->flags & INET6_PROTO_FINAL) {
 			const struct ipv6hdr *hdr;
+			int sdif = inet6_sdif(skb);
+			struct net_device *dev;
 
 			/* Only do this once for first final protocol */
 			have_final = true;
@@ -371,9 +373,19 @@ static int ip6_input_finish(struct net *net, struct sock *sk, struct sk_buff *sk
 			skb_postpull_rcsum(skb, skb_network_header(skb),
 					   skb_network_header_len(skb));
 			hdr = ipv6_hdr(skb);
+
+			/* skb->dev passed may be master dev for vrfs. */
+			if (sdif) {
+				dev = dev_get_by_index_rcu(net, sdif);
+				if (!dev)
+					goto discard;
+			} else {
+				dev = skb->dev;
+			}
+
 			if (ipv6_addr_is_multicast(&hdr->daddr) &&
-			    !ipv6_chk_mcast_addr(skb->dev, &hdr->daddr,
-			    &hdr->saddr) &&
+			    !ipv6_chk_mcast_addr(dev, &hdr->daddr,
+						 &hdr->saddr) &&
 			    !ipv6_is_mld(skb, nexthdr, skb_network_header_len(skb)))
 				goto discard;
 		}
@@ -432,15 +444,32 @@ EXPORT_SYMBOL_GPL(ip6_input);
 
 int ip6_mc_input(struct sk_buff *skb)
 {
+	int sdif = inet6_sdif(skb);
 	const struct ipv6hdr *hdr;
+	struct net_device *dev;
 	bool deliver;
 
 	__IP6_UPD_PO_STATS(dev_net(skb_dst(skb)->dev),
 			 __in6_dev_get_safely(skb->dev), IPSTATS_MIB_INMCAST,
 			 skb->len);
 
+	/* skb->dev passed may be master dev for vrfs. */
+	if (sdif) {
+		rcu_read_lock();
+		dev = dev_get_by_index_rcu(dev_net(skb->dev), sdif);
+		if (!dev) {
+			rcu_read_unlock();
+			kfree_skb(skb);
+			return -ENODEV;
+		}
+	} else {
+		dev = skb->dev;
+	}
+
 	hdr = ipv6_hdr(skb);
-	deliver = ipv6_chk_mcast_addr(skb->dev, &hdr->daddr, NULL);
+	deliver = ipv6_chk_mcast_addr(dev, &hdr->daddr, NULL);
+	if (sdif)
+		rcu_read_unlock();
 
 #ifdef CONFIG_IPV6_MROUTE
 	/*
-- 
2.11.0