diff options
| author | Lorenzo Colitti <lorenzo@google.com> | 2018-01-11 12:36:26 +0300 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2018-01-15 21:53:30 +0300 |
| commit | 6503a30440962f1e1ccb8868816b4e18201218d4 (patch) | |
| tree | 7a806e0521b02ee9b82dd0debb708c7481954986 /security/yama | |
| parent | cbbdf8433a5f117b1a2119ea30fc651b61ef7570 (diff) | |
| download | linux-6503a30440962f1e1ccb8868816b4e18201218d4.tar.xz | |
net: ipv4: Make "ip route get" match iif lo rules again.
Commit 3765d35ed8b9 ("net: ipv4: Convert inet_rtm_getroute to rcu
versions of route lookup") broke "ip route get" in the presence
of rules that specify iif lo.
Host-originated traffic always has iif lo, because
ip_route_output_key_hash and ip6_route_output_flags set the flow
iif to LOOPBACK_IFINDEX. Thus, putting "iif lo" in an ip rule is a
convenient way to select only originated traffic and not forwarded
traffic.
inet_rtm_getroute used to match these rules correctly because
even though it sets the flow iif to 0, it called
ip_route_output_key which overwrites iif with LOOPBACK_IFINDEX.
But now that it calls ip_route_output_key_hash_rcu, the ifindex
will remain 0 and not match the iif lo in the rule. As a result,
"ip route get" will return ENETUNREACH.
Fixes: 3765d35ed8b9 ("net: ipv4: Convert inet_rtm_getroute to rcu versions of route lookup")
Tested: https://android.googlesource.com/kernel/tests/+/master/net/test/multinetwork_test.py passes again
Signed-off-by: Lorenzo Colitti <lorenzo@google.com>
Acked-by: David Ahern <dsahern@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'security/yama')
0 files changed, 0 insertions, 0 deletions