netdev.vger.kernel.org archive mirror
* [PATCH net] udp: only choose unbound UDP socket for multicast when not in a VRF
@ 2019-06-04  1:56 Tim Beale
  2019-06-04 17:23 ` David Ahern
  2019-06-05  1:34 ` David Miller
  0 siblings, 2 replies; 3+ messages in thread
From: Tim Beale @ 2019-06-04  1:56 UTC (permalink / raw)
  To: netdev; +Cc: davem, kuznet, yoshfuji, Tim Beale

By default, packets received in another VRF should not be passed to an
unbound socket in the default VRF. This patch updates the IPv4 UDP
multicast logic to match the unicast VRF logic (in compute_score()),
as well as the IPv6 mcast logic (in __udp_v6_is_mcast_sock()).

The particular case I noticed was DHCP discover packets going
to the 255.255.255.255 address, which are handled by
__udp4_lib_mcast_deliver(). The previous code meant that running
multiple different DHCP server or relay agent instances across VRFs
did not work correctly - any server/relay agent in the default VRF
received DHCP discover packets for all other VRFs.

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
---
 net/ipv4/udp.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/net/ipv4/udp.c b/net/ipv4/udp.c
index 8fb250e..efe9283 100644
--- a/net/ipv4/udp.c
+++ b/net/ipv4/udp.c
@@ -538,8 +538,7 @@ static inline bool __udp_is_mcast_sock(struct net *net, struct sock *sk,
 	    (inet->inet_dport != rmt_port && inet->inet_dport) ||
 	    (inet->inet_rcv_saddr && inet->inet_rcv_saddr != loc_addr) ||
 	    ipv6_only_sock(sk) ||
-	    (sk->sk_bound_dev_if && sk->sk_bound_dev_if != dif &&
-	     sk->sk_bound_dev_if != sdif))
+	    !udp_sk_bound_dev_eq(net, sk->sk_bound_dev_if, dif, sdif))
 		return false;
 	if (!ip_mc_sf_allow(sk, loc_addr, rmt_addr, dif, sdif))
 		return false;
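
Review bot: On the `+` line, the outcome for an unbound socket (`sk->sk_bound_dev_if == 0`) changes, but neither the hunk nor the commit message says what controls it. The removed expression only ever rejected bound sockets, while the replacement passes `net` into `udp_sk_bound_dev_eq()`, and the message's "By default" implies a per-namespace setting. Name that setting in the commit message, so that someone running an unbound DHCP server or relay that relied on seeing broadcasts from every VRF knows how to restore the old behaviour.
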
-- 
2.7.4
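
The behaviour change described in the commit message above, as an added userspace example (not part of the patch or the kernel tree): it compares the removed device test with a model of the new one for a few receive cases. `new_dev_match()` is an assumed model of `udp_sk_bound_dev_eq()`, whose body is not shown on this page, and the ifindex values are constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Device test from the removed lines: a socket is rejected only when it
 * is bound and its device matches neither dif nor sdif. */
static bool old_dev_match(int bound_dev_if, int dif, int sdif)
{
	return !(bound_dev_if && bound_dev_if != dif && bound_dev_if != sdif);
}

/* Userspace model of udp_sk_bound_dev_eq(). ASSUMPTION: the helper's body
 * is not on the page; this models an unbound socket matching only when
 * sdif is 0 (packet not received through a VRF) or l3mdev_accept is on. */
static bool new_dev_match(bool l3mdev_accept, int bound_dev_if, int dif, int sdif)
{
	if (!bound_dev_if)
		return !sdif || l3mdev_accept;
	return bound_dev_if == dif || bound_dev_if == sdif;
}

/* Constructed sample: ifindex 2 is a port in the default VRF; 3 and 10
 * are an enslaved port and its VRF device. */
struct rx_case { const char *what; int bound, dif, sdif; };
static const struct rx_case cases[] = {
	{ "unbound socket, broadcast on default-VRF port", 0, 2, 0 },
	{ "unbound socket, broadcast inside the VRF",      0, 10, 3 },
	{ "socket bound to the VRF, broadcast inside it",  10, 10, 3 },
	{ "socket bound to port 2, broadcast inside VRF",  2, 10, 3 },
};
#define NCASES (sizeof(cases) / sizeof(cases[0]))

/* Number of sample cases the old test delivers but the new one rejects. */
static int cross_vrf_deliveries_removed(bool l3mdev_accept)
{
	int n = 0;
	for (size_t i = 0; i < NCASES; i++)
		if (old_dev_match(cases[i].bound, cases[i].dif, cases[i].sdif) &&
		    !new_dev_match(l3mdev_accept, cases[i].bound, cases[i].dif, cases[i].sdif))
			n++;
	return n;
}

int main(void)
{
	for (size_t i = 0; i < NCASES; i++)
		printf("%-46s old=%d new=%d\n", cases[i].what,
		       old_dev_match(cases[i].bound, cases[i].dif, cases[i].sdif),
		       new_dev_match(false, cases[i].bound, cases[i].dif, cases[i].sdif));
	return 0;
}
```

Only the second case differs between the two tests: the unbound socket in the default VRF that used to receive the other VRF's broadcast.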



* Re: [PATCH net] udp: only choose unbound UDP socket for multicast when not in a VRF
  2019-06-04  1:56 [PATCH net] udp: only choose unbound UDP socket for multicast when not in a VRF Tim Beale
@ 2019-06-04 17:23 ` David Ahern
  2019-06-05  1:34 ` David Miller
  1 sibling, 0 replies; 3+ messages in thread
From: David Ahern @ 2019-06-04 17:23 UTC (permalink / raw)
  To: Tim Beale, netdev; +Cc: davem, kuznet, yoshfuji

On 6/3/19 7:56 PM, Tim Beale wrote:
> By default, packets received in another VRF should not be passed to an
> unbound socket in the default VRF. This patch updates the IPv4 UDP
> multicast logic to match the unicast VRF logic (in compute_score()),
> as well as the IPv6 mcast logic (in __udp_v6_is_mcast_sock()).
> 
> The particular case I noticed was DHCP discover packets going
> to the 255.255.255.255 address, which are handled by
> __udp4_lib_mcast_deliver(). The previous code meant that running
> multiple different DHCP server or relay agent instances across VRFs
> did not work correctly - any server/relay agent in the default VRF
> received DHCP discover packets for all other VRFs.
> 
> Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
> ---
>  net/ipv4/udp.c | 3 +--
>  1 file changed, 1 insertion(+), 2 deletions(-)
> 
> diff --git a/net/ipv4/udp.c b/net/ipv4/udp.c
> index 8fb250e..efe9283 100644
> --- a/net/ipv4/udp.c
> +++ b/net/ipv4/udp.c
> @@ -538,8 +538,7 @@ static inline bool __udp_is_mcast_sock(struct net *net, struct sock *sk,
>  	    (inet->inet_dport != rmt_port && inet->inet_dport) ||
>  	    (inet->inet_rcv_saddr && inet->inet_rcv_saddr != loc_addr) ||
>  	    ipv6_only_sock(sk) ||
> -	    (sk->sk_bound_dev_if && sk->sk_bound_dev_if != dif &&
> -	     sk->sk_bound_dev_if != sdif))
> +	    !udp_sk_bound_dev_eq(net, sk->sk_bound_dev_if, dif, sdif))
>  		return false;
>  	if (!ip_mc_sf_allow(sk, loc_addr, rmt_addr, dif, sdif))
>  		return false;
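
Review bot: No test accompanies the changed condition in `__udp_is_mcast_sock()`; the diffstat touches only net/ipv4/udp.c. The regression described in the message (a DHCP discover to 255.255.255.255 delivered to an unbound socket in the default VRF) would be easy to reintroduce, so consider adding a selftest that sends a broadcast inside a VRF and checks that an unbound default-VRF socket does not receive it.
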
> 

Thanks for the fix.

Really should have been a part of this commit:

Fixes: 6da5b0f027a8 ("net: ensure unbound datagram socket to be chosen
when not in a VRF")
Reviewed-by: David Ahern <dsahern@gmail.com>

IPv6 mcast socket lookup was converted to udp_sk_bound_dev_eq, so v6
seems ok.


* Re: [PATCH net] udp: only choose unbound UDP socket for multicast when not in a VRF
  2019-06-04  1:56 [PATCH net] udp: only choose unbound UDP socket for multicast when not in a VRF Tim Beale
  2019-06-04 17:23 ` David Ahern
@ 2019-06-05  1:34 ` David Miller
  1 sibling, 0 replies; 3+ messages in thread
From: David Miller @ 2019-06-05  1:34 UTC (permalink / raw)
  To: timbeale; +Cc: netdev, kuznet, yoshfuji

From: Tim Beale <timbeale@catalyst.net.nz>
Date: Tue,  4 Jun 2019 13:56:23 +1200

> By default, packets received in another VRF should not be passed to an
> unbound socket in the default VRF. This patch updates the IPv4 UDP
> multicast logic to match the unicast VRF logic (in compute_score()),
> as well as the IPv6 mcast logic (in __udp_v6_is_mcast_sock()).
> 
> The particular case I noticed was DHCP discover packets going
> to the 255.255.255.255 address, which are handled by
> __udp4_lib_mcast_deliver(). The previous code meant that running
> multiple different DHCP server or relay agent instances across VRFs
> did not work correctly - any server/relay agent in the default VRF
> received DHCP discover packets for all other VRFs.
> 
> Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>

Applied and queued up for -stable, thanks.

