diff options
| author | Nicolas Dichtel <nicolas.dichtel@6wind.com> | 2024-07-10 11:14:28 +0300 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2024-08-14 14:53:02 +0300 |
| commit | 0e82587899f09edc37f8f5fcb42653d83d0615ea (patch) | |
| tree | 3e07e9e1f775934e32af456b0e4a643ae72a908c /net/ipv6/route.c | |
| parent | 6cae8d04d8b3d1ecfadcaa989e673f6f73349ed5 (diff) | |
| download | linux-0e82587899f09edc37f8f5fcb42653d83d0615ea.tar.xz | |
ipv6: fix source address selection with route leak
commit 252442f2ae317d109ef0b4b39ce0608c09563042 upstream.
By default, an address assigned to the output interface is selected when
the source address is not specified. This is problematic when a route,
configured in a vrf, uses an interface from another vrf (aka route leak).
The original vrf does not own the selected source address.
Let's add a check against the output interface and call the appropriate
function to select the source address.
CC: stable@vger.kernel.org
Fixes: 0d240e7811c4 ("net: vrf: Implement get_saddr for IPv6")
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Link: https://patch.msgid.link/20240710081521.3809742-3-nicolas.dichtel@6wind.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'net/ipv6/route.c')
| -rw-r--r-- | net/ipv6/route.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/net/ipv6/route.c b/net/ipv6/route.c index 151414e9f7fe..8c1d9e612436 100644 --- a/net/ipv6/route.c +++ b/net/ipv6/route.c @@ -5681,7 +5681,7 @@ static int rt6_fill_node(struct net *net, struct sk_buff *skb, goto nla_put_failure; } else if (dest) { struct in6_addr saddr_buf; - if (ip6_route_get_saddr(net, rt, dest, 0, &saddr_buf) == 0 && + if (ip6_route_get_saddr(net, rt, dest, 0, 0, &saddr_buf) == 0 && nla_put_in6_addr(skb, RTA_PREFSRC, &saddr_buf)) goto nla_put_failure; } |