diff options
| author | David S. Miller <davem@davemloft.net> | 2019-07-17 15:23:39 -0700 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2019-07-17 15:23:39 -0700 |
| commit | 7b379472bc530fd9929f8791c4daffc63ca90e0c (patch) | |
| tree | 7896881e9e843ea31c31c9331af79de74d9b1ce7 /net | |
| parent | f1bf3e2ab42d20a7683e1c689f3ce8e942da03d4 (diff) | |
| parent | adb701d6cfa432f5dbdf28839b5e64291a7ed30b (diff) | |
| download | linux-7b379472bc530fd9929f8791c4daffc63ca90e0c.tar.gz linux-7b379472bc530fd9929f8791c4daffc63ca90e0c.tar.bz2 linux-7b379472bc530fd9929f8791c4daffc63ca90e0c.zip | |
Merge branch 'ipv4-relax-source-validation-check-for-loopback-packets'
Cong Wang says:
====================
ipv4: relax source validation check for loopback packets
This patchset fixes a corner case when loopback packets get dropped
by rp_filter when we route them from veth to lo. Patch 1 is the fix
and patch 2 provides a simplified test case for this scenario.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net')
| -rw-r--r-- | net/ipv4/fib_frontend.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/net/ipv4/fib_frontend.c b/net/ipv4/fib_frontend.c index 317339cd7f03..e8bc939b56dd 100644 --- a/net/ipv4/fib_frontend.c +++ b/net/ipv4/fib_frontend.c @@ -388,6 +388,11 @@ static int __fib_validate_source(struct sk_buff *skb, __be32 src, __be32 dst, fib_combine_itag(itag, &res); dev_match = fib_info_nh_uses_dev(res.fi, dev); + /* This is not common, loopback packets retain skb_dst so normally they + * would not even hit this slow path. + */ + dev_match = dev_match || (res.type == RTN_LOCAL && + dev == net->loopback_dev); if (dev_match) { ret = FIB_RES_NHC(res)->nhc_scope >= RT_SCOPE_HOST; return ret; |