Received: by 2002:a25:ad19:0:0:0:0:0 with SMTP id y25csp2305686ybi; Mon, 1 Jul 2019 09:42:21 -0700 (PDT) X-Google-Smtp-Source: APXvYqyvNUxDTFuTcTkTHXHz+5fEPqOgi+y4sCbYwzH3C0VZ9I1QZtViH9V18TwtY+ypiH8zJWCE X-Received: by 2002:a17:902:bd0a:: with SMTP id p10mr30225595pls.134.1561999341004; Mon, 01 Jul 2019 09:42:21 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1561999340; cv=none; d=google.com; s=arc-20160816; b=JKcQHyZgZZ7TsZHJsonq5gTSCJinUawo6X6+j+0RWlR052bJBGuuRoEZ8sB90RQMOM ExciFMt42hCUpgEMZTce2O0h11J8c/kXrMi4WCZ3wMv5cvZMtdWzT8t7ZQrG7Ol3nH74 HjDOHUyd8ufphNWSKBOdsVRVhD8aHgr5fxclXrBojKCsNY2x/qtuCdtLNNW/YJ9JkHJC uDTRE9vYAEdTPi/iukqugUzlKcVo1kXQGk0Y+qzwxLbiXIdlUI1YXGQC147oniG4CmCH eZUIR/+ZmJhrPGCMQOfgh6WX9jTwuFduOYhSIu4LbtAQvZA8/QNNYOMxosHBRFe3/Ls9 aV1w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :message-id:date:subject:cc:to:from; bh=g8EI9dR5wqlWCjkgzqhV+VwB49xCmjs0uCx9m3RSdtw=; b=ent4R4kdZNhfHE2gfYdU2AxbuOyDkPsiMHDXF+6W5+zZOjrAKt2enUyL2LkmCr5QTc o6M/jCBrnvlRKE/uM8Zv8wXCEZOLzh8wkf/2MW+sslbwrLDc9YBH/FLde/2LRUHhxNFW M8gn7R1nAc0rbmHRPJlPE8OCxL3nT8qR/81JgZY069RNTnnQcoiBgpL9710VICfLfxtb phqKzgQIdI2TaHU0lB/QuWuypp6/fLPt2tovMzWiHEcuRZmxgry3h4jqdx96DVmKc1Ni Q93+U5MJ3lI1coyNh1GYphFfmOx15RNQnefUOTcQ2k7AIHDWK4M/ViCBEszQQDFito+1 hJCA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id y134si11875607pfc.285.2019.07.01.09.42.04; Mon, 01 Jul 2019 09:42:20 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728797AbfGAQIM (ORCPT + 99 others); Mon, 1 Jul 2019 12:08:12 -0400 Received: from mail-wr1-f65.google.com ([209.85.221.65]:37673 "EHLO mail-wr1-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727370AbfGAQIL (ORCPT ); Mon, 1 Jul 2019 12:08:11 -0400 Received: by mail-wr1-f65.google.com with SMTP id v14so14481351wrr.4 for ; Mon, 01 Jul 2019 09:08:10 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=g8EI9dR5wqlWCjkgzqhV+VwB49xCmjs0uCx9m3RSdtw=; b=kuLSrq0RpAj7YtSaCqJJGP2qVb+GR4seLWwFKfTrMwI1giCR+KicTqXZKkwfKTnJnI 8JNkxB2zuZpioDa6Ux3N3rCzkE7SG0H2l3kp5UITJsd4fuYEHSKf5+NLvQuE/vQGgGot QKdzCBj7wzerY1NPwSNpbW416z0eExUDALYQx06j4AV+5dLjgknRcX6UHvyBfU8VB6ZV LmYkTqPn9UcpgTWWWY3M/C40ot7HhP+WAQGM9lQX1bkvp19+fk7BZ/kc880BTk7R6JC4 BgXrMLnT4q7eBpwIzLQTJR9L0QnZBhxZWNXa1YDImjBOk8EzLkJ/37WpIadSSvwTs3OQ kiPA== X-Gm-Message-State: APjAAAWFdHN7zl/UIgse1zfGPoS8GdRnqbInpIcfDhDDdCkZFgNHGiw4 OBqqK7lDDbrz5d0c1YyEbGFhsQ== X-Received: by 2002:adf:dc81:: with SMTP id r1mr19455477wrj.298.1561997289437; Mon, 01 Jul 2019 09:08:09 -0700 (PDT) Received: from raver.teknoraver.net (net-188-216-18-190.cust.vodafonedsl.it. [188.216.18.190]) by smtp.gmail.com with ESMTPSA id q193sm38329wme.8.2019.07.01.09.08.08 (version=TLS1_3 cipher=AEAD-AES256-GCM-SHA384 bits=256/256); Mon, 01 Jul 2019 09:08:08 -0700 (PDT) From: Matteo Croce To: netdev@vger.kernel.org Cc: linux-kernel@vger.kernel.org, "David S. Miller" , Alexey Kuznetsov , Hideaki YOSHIFUJI Subject: [PATCH net] ipv4: don't set IPv6 only flags to IPv4 addresses Date: Mon, 1 Jul 2019 18:08:05 +0200 Message-Id: <20190701160805.32404-1-mcroce@redhat.com> X-Mailer: git-send-email 2.21.0 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Avoid the situation where an IPV6 only flag is applied to an IPv4 address: # ip addr add 192.0.2.1/24 dev dummy0 nodad home mngtmpaddr noprefixroute # ip -4 addr show dev dummy0 2: dummy0: mtu 1500 qdisc noqueue state UNKNOWN group default qlen 1000 inet 192.0.2.1/24 scope global noprefixroute dummy0 valid_lft forever preferred_lft forever Or worse, by sending a malicious netlink command: # ip -4 addr show dev dummy0 2: dummy0: mtu 1500 qdisc noqueue state UNKNOWN group default qlen 1000 inet 192.0.2.1/24 scope global nodad optimistic dadfailed home tentative mngtmpaddr noprefixroute stable-privacy dummy0 valid_lft forever preferred_lft forever Signed-off-by: Matteo Croce --- net/ipv4/devinet.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/net/ipv4/devinet.c b/net/ipv4/devinet.c index c6bd0f7a020a..f40ccdcf4cfe 100644 --- a/net/ipv4/devinet.c +++ b/net/ipv4/devinet.c @@ -62,6 +62,11 @@ #include #include +#define IPV6ONLY_FLAGS \ + (IFA_F_NODAD | IFA_F_OPTIMISTIC | IFA_F_DADFAILED | \ + IFA_F_HOMEADDRESS | IFA_F_TENTATIVE | \ + IFA_F_MANAGETEMPADDR | IFA_F_STABLE_PRIVACY) + static struct ipv4_devconf ipv4_devconf = { .data = { [IPV4_DEVCONF_ACCEPT_REDIRECTS - 1] = 1, @@ -468,6 +473,9 @@ static int __inet_insert_ifa(struct in_ifaddr *ifa, struct nlmsghdr *nlh, ifa->ifa_flags &= ~IFA_F_SECONDARY; last_primary = &in_dev->ifa_list; + /* Don't set IPv6 only flags to IPv6 addresses */ + ifa->ifa_flags &= ~IPV6ONLY_FLAGS; + for (ifap = &in_dev->ifa_list; (ifa1 = *ifap) != NULL; ifap = &ifa1->ifa_next) { if (!(ifa1->ifa_flags & IFA_F_SECONDARY) && -- 2.21.0