From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Jianlin Shi, Stefano Brivio, David Ahern, "David S. Miller"
Subject: [PATCH 3.18 20/21] fib_semantics: Dont match route with mismatching tclassid
Date: Fri, 9 Mar 2018 16:18:42 -0800
Message-Id: <20180310001802.359603741@linuxfoundation.org>
In-Reply-To: <20180310001801.045114869@linuxfoundation.org>

3.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Stefano Brivio

[ Upstream commit a8c6db1dfd1b1d18359241372bb204054f2c3174 ]

In fib_nh_match(), if output interface or gateway are passed in
the FIB configuration, we don't have to check next hops of
multipath routes to conclude whether we have a match or not.

However, we might still have routes with different realms
matching the same output interface and gateway configuration,
and this needs to cause the match to fail. Otherwise the first
route inserted in the FIB will match, regardless of the realms:

  # ip route add 1.1.1.1 dev eth0 table 1234 realms 1/2
  # ip route append 1.1.1.1 dev eth0 table 1234 realms 3/4
  # ip route list table 1234
  1.1.1.1 dev eth0 scope link realms 1/2
  1.1.1.1 dev eth0 scope link realms 3/4
  # ip route del 1.1.1.1 dev ens3 table 1234 realms 3/4
  # ip route list table 1234
  1.1.1.1 dev ens3 scope link realms 3/4

whereas route with realms 3/4 should have been deleted instead.

Explicitly check for fc_flow passed in the FIB configuration
(this comes from RTA_FLOW extracted by rtm_to_fib_config()) and
fail matching if it differs from nh_tclassid.

The handling of RTA_FLOW for multipath routes later in
fib_nh_match() is still needed, as we can have multiple RTA_FLOW
attributes that need to be matched against the tclassid of each
next hop.

v2: Check that fc_flow is set before discarding the match, so
    that the user can still select the first matching rule by
    not specifying any realm, as suggested by David Ahern.

Reported-by: Jianlin Shi
Signed-off-by: Stefano Brivio
Acked-by: David Ahern
Signed-off-by: David S. Miller
Signed-off-by: Greg Kroah-Hartman
---
 net/ipv4/fib_semantics.c |    5 +++++
 1 file changed, 5 insertions(+)

--- a/net/ipv4/fib_semantics.c +++ b/net/ipv4/fib_semantics.c 
@@ -514,6 +514,11 @@ int fib_nh_match(struct fib_config *cfg, return 1; if (cfg->fc_oif || cfg->fc_gw) { +#ifdef CONFIG_IP_ROUTE_CLASSID + if (cfg->fc_flow && + cfg->fc_flow != fi->fib_nh->nh_tclassid) + return 1; +#endif if ((!cfg->fc_oif || cfg->fc_oif == fi->fib_nh->nh_oif) && (!cfg->fc_gw || cfg->fc_gw == fi->fib_nh->nh_gw)) return 0;
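
Review bot: The `cfg->fc_flow &&` guard in the added CONFIG_IP_ROUTE_CLASSID block makes a zero fc_flow act as a wildcard, and that intent is recorded only in the commit message's v2 note; a one-line comment above the check (for example, that an unset realm matches any nh_tclassid) would keep it visible in the code. Like the fc_oif and fc_gw comparisons that follow it, the check reads only fi->fib_nh, the first next hop, so in this branch a requested realm is compared against that next hop's tclassid alone, which is worth stating in the same comment.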