Received: by 10.213.65.68 with SMTP id h4csp37472imn; Mon, 19 Mar 2018 18:45:54 -0700 (PDT) X-Google-Smtp-Source: AG47ELt0icjMfe8nuXTTkMrcymqmGAC1DhO0vGIkVPphDY29L7kNbzJbOiLNCQpeh+R7dmxpJcwQ X-Received: by 10.99.185.77 with SMTP id v13mr10937203pgo.112.1521510354452; Mon, 19 Mar 2018 18:45:54 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1521510354; cv=none; d=google.com; s=arc-20160816; b=OSmiCBddwQWNjktuNnNO2umBkHWyevIzXmuNWmDpUM457lmYIDvD5lwqomMOd5RNCr arZle7R4svzKmP9aw5q7fiolLIGAJZrg5xzjfmHSOxl7ZPdezcnl579KI4wcaotmXMDe 8GFI7h4NaK5gajTSEW10a384TkjShaZ+4xfyW/5RY77LXdThNjDinUtuUNNQZpRCSWcI HZ6NpKU0Umho4UjYZ0ZuCwXn++z6tIl4+CI//cp7guzDm7EXpxY3Dqv3FxJKIysFt3UP B1Q1rPBsMKANz7alwBsZwsoZ8onnzRz0I51IVniELyfkO2MYA4sSBbKq0FJRkIriO3Nu 4VxQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:user-agent:references :in-reply-to:message-id:date:subject:cc:to:from :arc-authentication-results; bh=RBIq3jspxtPI3/0M0nxtykfxLqpnJIn/OVHxQlvXth4=; b=LatKDixuBvtm8NyKeNPoUF3x10typbS9sQ+l1B1vsuEWIIeiatwtYJzwU6J4Oe9kk+ bBM50qCkxGPxkmKOEHtWuRuzW4yGtatcIsKIEA1OAOzgyTLNF9NkzdpSgXmjVvsNvMVX AYwLG/vnup4iiI1ukGmpHSUrjWiHDBCZ/mwgnEQfjfYKojvZGLXFOAOOceL7SMorasEo +uy/eQyo7EzfRF5EIsGopMf18C81hsumZz6eOkexlO7hODujvwFu96An2dWFurL9pV1c zkYvsPTzI7GRNuwuaqRFwucndMTyc5BtYhnNJcdcx4NVEa/QjgVFhwEv+pZCdE1DuRMN iTjA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id 94-v6si515679ple.694.2018.03.19.18.45.40; Mon, 19 Mar 2018 18:45:54 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1031802AbeCSTM0 (ORCPT + 99 others); Mon, 19 Mar 2018 15:12:26 -0400 Received: from mail.linuxfoundation.org ([140.211.169.12]:51132 "EHLO mail.linuxfoundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S969590AbeCSS1O (ORCPT ); Mon, 19 Mar 2018 14:27:14 -0400 Received: from localhost (LFbn-1-12247-202.w90-92.abo.wanadoo.fr [90.92.61.202]) by mail.linuxfoundation.org (Postfix) with ESMTPSA id 8378A126C; Mon, 19 Mar 2018 18:27:13 +0000 (UTC) From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Amit Sikka , Mahesh Bandewar , "David S. Miller" , Sasha Levin Subject: [PATCH 4.9 206/241] ipvlan: add L2 check for packets arriving via virtual devices Date: Mon, 19 Mar 2018 19:07:51 +0100 Message-Id: <20180319180759.704620255@linuxfoundation.org> X-Mailer: git-send-email 2.16.2 In-Reply-To: <20180319180751.172155436@linuxfoundation.org> References: <20180319180751.172155436@linuxfoundation.org> User-Agent: quilt/0.65 X-stable: review MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 4.9-stable review patch. If anyone has any objections, please let me know. ------------------ From: Mahesh Bandewar [ Upstream commit 92ff42645028fa6f9b8aa767718457b9264316b4 ] Packets that don't have dest mac as the mac of the master device should not be entertained by the IPvlan rx-handler. This is mostly true as the packet path mostly takes care of that, except when the master device is a virtual device. As demonstrated in the following case - ip netns add ns1 ip link add ve1 type veth peer name ve2 ip link add link ve2 name iv1 type ipvlan mode l2 ip link set dev iv1 netns ns1 ip link set ve1 up ip link set ve2 up ip -n ns1 link set iv1 up ip addr add 192.168.10.1/24 dev ve1 ip -n ns1 addr 192.168.10.2/24 dev iv1 ping -c2 192.168.10.2 ip neigh show dev ve1 ip neigh show 192.168.10.2 lladdr dev ve1 ping -c2 192.168.10.2 This patch adds that missing check in the IPvlan rx-handler. Reported-by: Amit Sikka Signed-off-by: Mahesh Bandewar Signed-off-by: David S. Miller Signed-off-by: Sasha Levin Signed-off-by: Greg Kroah-Hartman --- drivers/net/ipvlan/ipvlan_core.c | 4 ++++ 1 file changed, 4 insertions(+) --- a/drivers/net/ipvlan/ipvlan_core.c +++ b/drivers/net/ipvlan/ipvlan_core.c @@ -299,6 +299,10 @@ static int ipvlan_rcv_frame(struct ipvl_ if (dev_forward_skb(ipvlan->dev, skb) == NET_RX_SUCCESS) success = true; } else { + if (!ether_addr_equal_64bits(eth_hdr(skb)->h_dest, + ipvlan->phy_dev->dev_addr)) + skb->pkt_type = PACKET_OTHERHOST; + ret = RX_HANDLER_ANOTHER; success = true; }